A Secure Environment for Untrusted Helper Applications
(Confining the Wily Hacker)
Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer
Computer Science Division
University of California, Berkeley
Many popular programs, such as Netscape, use untrusted helper
applications to process data from the network. Unfortunately, the
unauthenticated network data they interpret could well have been
created by an adversary, and the helper applications are usually too
complex to be bug-free. This raises significant security concerns.
Therefore, it is desirable to create a secure environment to contain
untrusted helper applications. We propose to reduce the risk of a
security breach by restricting the program's access to the operating
system. In particular, we intercept and filter dangerous system calls
via the Solaris process tracing facility. This enabled us to build a
simple, clean, user-mode implementation of a secure environment for
untrusted helper applications. Our implementation has negligible
performance impact, and can protect pre-existing applications.
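As an added illustration, not code from the paper or from its implementation, the following shows the kind of per-call policy decision such a user-mode monitor makes once the tracing facility has handed it a system call and its arguments: a default-deny allow list, path canonicalization before any prefix check, and separate read and write directory sets. The syscall names, flag values, directory prefixes and trace records are all constructed for this example.

```python
import posixpath
from collections import namedtuple

# Constructed open(2) flag values for this example (same shape as O_WRONLY, O_RDWR, O_CREAT).
O_WRONLY, O_RDWR, O_CREAT = 0o1, 0o2, 0o100
# cwd of the traced helper, readable and writable directory prefixes, and the
# syscall allow list; anything not listed is denied by default.
Policy = namedtuple("Policy", "cwd read_prefixes write_prefixes allowed_syscalls")

def canonical(cwd, path):
    """Resolve a relative path against the helper's cwd and collapse '.' and
    '..' so that a prefix check cannot be escaped with directory traversal."""
    if not path.startswith("/"):
        path = posixpath.join(cwd, path)
    return posixpath.normpath(path)

def _under(path, prefix):
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def decide(policy, syscall, args):
    """Return 'allow' or 'deny' for one intercepted call; unlisted calls are denied unread."""
    if syscall not in policy.allowed_syscalls:
        return "deny"
    if syscall == "open":
        path, flags = args
        full = canonical(policy.cwd, path)
        wants_write = bool(flags & (O_WRONLY | O_RDWR | O_CREAT))
        prefixes = policy.write_prefixes if wants_write else policy.read_prefixes
        return "allow" if any(_under(full, p) for p in prefixes) else "deny"
    return "allow"  # allow-listed call whose arguments this policy does not inspect

def filter_trace(policy, trace):
    return [(name, decide(policy, name, args)) for name, args in trace]

# Constructed policy and trace for a hypothetical helper confined to /tmp/janus.
POLICY = Policy(cwd="/tmp/janus/work",
                read_prefixes=("/tmp/janus", "/usr/lib"),
                write_prefixes=("/tmp/janus",),
                allowed_syscalls=frozenset({"read", "write", "open", "close", "exit"}))
TRACE = [
    ("read", ()),                                          # allow: on the list, no arguments checked
    ("open", ("/tmp/janus/download.html", 0)),             # allow: read inside the sandbox tree
    ("open", ("../../../etc/passwd", 0)),                  # deny: resolves to /etc/passwd
    ("open", ("/tmp/janus/out.txt", O_WRONLY | O_CREAT)),  # allow: write inside the sandbox tree
    ("open", ("/usr/lib/libc.so", O_RDWR)),                # deny: write into a read-only prefix
    ("connect", ()),                                       # deny: not on the allow list
]
```

Path canonicalization here is purely lexical: a production monitor also has to account for symlinks and for arguments the traced process can alter between the check and the kernel's use of them.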