Proposed Model for Sandboxing in Linux
Palak Thadeshwar1, Rohan Vora2, Aishwarya Ramachandran3, Lakshmi Kurup4
1Palak Thadeshwar, Department of Computer Science, Dwarkadas J. Sanghvi College of Engineering, (Maharashtra). India.
2Rohan Vora, Department of Computer Science, Dwarkadas J. Sanghvi College of Engineering, (Maharashtra). India.
3Aishwarya Ramachandran, Department of Computer Science, Dwarkadas J. Sanghvi College of Engineering, (Maharashtra). India.
4Prof. Lakshmi Kurup, Department of Computer Science, Dwarkadas J. Sanghvi College of Engineering, Mumbai, (Maharashtra). India.
Manuscript received on 16 November 2015 | Revised Manuscript received on 28 November 2015 | Manuscript Published on 30 November 2015 | PP: 20-23 | Volume-5 Issue-6, November 2015 | Retrieval Number: F2226115615/2015©BEIESP
Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The proliferation and popularity of the Internet has led to average Internet users downloading various utilities and applications from the Internet very frequently. Often, these applications are downloaded from untrusted users and websites, or from unverified third parties and suppliers. Due to this, it has become very important for a casual user to differentiate between a malicious and a benign application. This has become excessively difficult because of the rise in number of malicious applications on the Internet. In computer Security, Sandboxing is a mechanism that allows unknown or untrusted code into the system, and yet does not let it damage the system. A sandbox isolates the running program from the rest of the system by imposing restrictions on network resources and file system access, and keeps the host system safe. A sandbox system heavily restricts the program from inspecting the host or reading from the input device. In this paper, we review existing tools that provide sandboxing mechanisms. We compare what features have been used by each, and highlight the advantages and disadvantages of each. In the end, we propose a system that will incorporate the best features of these tools, yet be user-friendly. Index Terms—
Keywords: Computer Security, Sandboxing, Seccomp-bpf, System call interposition.
Scope of the Article: Computer Security