Title :
Translating Security Policy to Executable Code for Sandboxing Linux Kernel
Author :
Mohanty, Hrushikesha ; VenkataSwamy, M. ; Ramaswamy, Srini ; Shyamasundar, R.K.
Author_Institution :
Dept. of Comput. & Inf. Sci., Univ. of Hyderabad, Hyderabad, India
Abstract :
Model based intrusion detection mechanisms have produced encouraging results for reduced false alarms. This paper extends our earlier work, where we reported for sandboxing Linux 2.6 using code generated from policies. Here we pursue the problem of code generation from a set of policies extracted from a domain model. Such a technique can support the safeguarding of system resources. We also present some of the features of the tool currently under development to automate the sandboxing process.
Keywords :
Linux; operating system kernels; program compilers; security of data; Linux kernel; code generation; executable code; false alarm; intrusion detection; sandboxing; security policy; system resource; Computational modeling; Computer science; Computer security; Computer simulation; Information security; Intrusion detection; Kernel; Law; Legal factors; Linux; Code Generator; Linux kernel; Sandboxing;
Conference_Titel :
Computer Modeling and Simulation, 2009. EMS '09. Third UKSim European Symposium on
Conference_Location :
Athens
Print_ISBN :
978-1-4244-5345-0
Electronic_ISBN :
978-0-7695-3886-0
DOI :
10.1109/EMS.2009.42
