Improvements the Seccomp Sandbox Based on PBE Theory

Providing a safe computing condition to unknown user is a crucial task in the existing network computing, and usually we can use the sandbox technology to shield security issues, but the behavior of malicious-occupying the resource has not been well controlled in the sandbox. In this passage, permission rate to access the computational efficiency and accuracy can be available by improving the Linux Kernel Secure Computing Mode(Seccomp) System, furthermore using the system calls judgment technology to prevent its malicious acts from user code can protect the system. During the calculations procedure, specifically, the improved Perfect Bayesian Equilibrium (PBE) Algorithm can be used to determine user behavior in system-call process, utilize this algorithm to construct policy engine, and use the engine decision-making engine to decide existing users´ behavior as a result to maximize the profits of both the user code operating and server system capacity. Moreover agent technology that works in achieving the interrupted determination and interrupted access separate the computing and operating systems simultaneously. After all, improving sandbox technology is to achieve the relative optimization between the user service efficiency and security guarantees. Finally, the experiments show that compared with the Sandboxie and Buffer Zone technology, the proposed algorithm optimizes the consumption of the system resources in the original Seccomp Sandbox, and its access determine in rate also speeds up in the certain degree. In particular, it can effectively prevent special system call from malicious code, which can protect the system mainly in large extent. Moreover, the testing speed and the performance of several regular system calls such as file access operation, write operation also are under the progressive improvement.