DocumentCode
613987
Title
Improvements the Seccomp Sandbox Based on PBE Theory
Author
Ma Bo ; Mu Dejun ; Fan Wei ; Hu Wei
Author_Institution
Sch. of Autom., Northwestern Polytech. Univ., Xi´an, China
fYear
2013
fDate
25-28 March 2013
Firstpage
323
Lastpage
328
Abstract
Providing a safe computing condition to unknown user is a crucial task in the existing network computing, and usually we can use the sandbox technology to shield security issues, but the behavior of malicious-occupying the resource has not been well controlled in the sandbox. In this passage, permission rate to access the computational efficiency and accuracy can be available by improving the Linux Kernel Secure Computing Mode(Seccomp) System, furthermore using the system calls judgment technology to prevent its malicious acts from user code can protect the system. During the calculations procedure, specifically, the improved Perfect Bayesian Equilibrium (PBE) Algorithm can be used to determine user behavior in system-call process, utilize this algorithm to construct policy engine, and use the engine decision-making engine to decide existing users´ behavior as a result to maximize the profits of both the user code operating and server system capacity. Moreover agent technology that works in achieving the interrupted determination and interrupted access separate the computing and operating systems simultaneously. After all, improving sandbox technology is to achieve the relative optimization between the user service efficiency and security guarantees. Finally, the experiments show that compared with the Sandboxie and Buffer Zone technology, the proposed algorithm optimizes the consumption of the system resources in the original Seccomp Sandbox, and its access determine in rate also speeds up in the certain degree. In particular, it can effectively prevent special system call from malicious code, which can protect the system mainly in large extent. Moreover, the testing speed and the performance of several regular system calls such as file access operation, write operation also are under the progressive improvement.
Keywords
Bayes methods; Linux; authorisation; decision making; invasive software; optimisation; Linux kernel secure computing mode system; PBE theory; Seccomp sandbox; agent technology; computational accuracy; computational efficiency; file access operation; malicious act prevention; malicious code; network computing; perfect Bayesian equilibrium algorithm; permission rate; policy engine decision-making engine; profit maximization; safe computing condition; system call judgment technology; system call performance improvement; system protection; system resource consumption optimization; testing speed improvement; unknown user; user behavior determination; user code operating system capacity; user code server system capacity; user security guarantees; user service efficiency; write operation; Algorithm design and analysis; Bayes methods; Engines; Games; Kernel; Security; Perfect Bayesian Equilibrium (PBE) algorithm; Sandbox; Seccomp; Virtualization Technology;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on
Conference_Location
Barcelona
Print_ISBN
978-1-4673-6239-9
Electronic_ISBN
978-0-7695-4952-1
Type
conf
DOI
10.1109/WAINA.2013.81
Filename
6550418
Link To Document