Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
2001 FREENIX Track Technical Program - Abstract

Sandboxing Applications

Vassilis Prevelakis, University of Pennsylvania, and Diomidis Spinellis, Athens University

Abstract

Users frequently have to choose between functionality and security. When running popular Web browsers or email clients, they frequently find themselves turning off features such as JavaScript, only to switch them back on in order to view a certain site or read a particular message. Users of Unix (or similar) systems can construct a sandbox where such programs execute in a restricted environment. Creating such a sandbox is not trivial; one has to determine what files or services to place within the sandbox to facilitate the execution of the application. In this paper we describe a portable system that tracks the file requests made by applications creating an access log. The same system can then use the access log as a template to regulate file access requests made by sandboxed applications. We present an example of how this system was used to place Netscape Navigator in a sandbox.
  • View the full text of this paper in HTML form, and PDF form.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.
?Need help? Use our Contacts page.

Last changed: 13 Feb 2002 ml
Technical Program
Conference index
USENIX home