DocumentCode :
2351010
Title :
TxBox: Building Secure, Efficient Sandboxes with System Transactions
Author :
Jana, Suman ; Porter, Donald E. ; Shmatikov, Vitaly
Author_Institution :
Univ. of Texas at Austin, Austin, TX, USA
fYear :
2011
fDate :
22-25 May 2011
Firstpage :
329
Lastpage :
344
Abstract :
TxBox is a new system for sand boxing untrusted applications. It speculatively executes the application in a system transaction, allowing security checks to be parallelized and yielding significant performance gains for techniques such as on-access anti-virus scanning. TxBox is not vulnerable to TOCTTOU attacks and incorrect mirroring of kernel state. Furthermore, TxBox supports automatic recovery: if a violation is detected, the sand boxed program is terminated and all of its effects on the host are rolled back. This enables effective enforcement of security policies that span multiple system calls.
Keywords :
security of data; TOCTTOU attacks; TxBox; automatic recovery; building security; efficient sandboxes; kernel state; onaccess antivirus scanning; sand boxed program; sand boxing untrusted applications; security checks; security policies; system transaction; system transactions; Codecs; Instruments; Kernel; Malware; Monitoring; Semantics; sandbox; speculative execution; transaction;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy (SP), 2011 IEEE Symposium on
Conference_Location :
Berkeley, CA
ISSN :
1081-6011
Print_ISBN :
978-1-4577-0147-4
Electronic_ISBN :
1081-6011
Type :
conf
DOI :
10.1109/SP.2011.33
Filename :
5958038
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2351010
بازگشت