From: Todd D. <des...@gm...> - 2009-04-22 16:44:00
Hi,
I just wanted to let you know about a paper that I ran across, in case
you hadn't seen it yet:
Accurate Application-Specific Sandboxing for Win32/Intel Binaries
Wei Li, Lap-chung Lam, Tzi-cker Chiueh
Computer Science Department
Stony Brook University
Abstract:
Comparing the system call sequence of a network application against a
sandboxing policy is a popular approach to detecting control-hijacking
attacks, in which the attacker exploits such software vulnerabilities
as buffer overflow to take over the control of a victim application
and possibly the underlying machine. The long-standing technical
barrier to the acceptance of this system call monitoring approach is
how to derive accurate sandboxing policies for Windows applications
whose source code is unavailable. In fact, many commercial computer
security companies take advantage of this fact and fashion a business
model in which their users have to pay a subscription fee to receive
periodic updates on the application sandboxing policies, much like
anti-virus signatures. This paper describes the design, implementation
and evaluation of a sandboxing system called BASS that can
automatically extract a highly accurate application-specific
sandboxing policy from a Win32/X86 binary, and enforce the extracted
policy at run time with low performance overhead. BASS is built on a
binary interpretation and analysis infrastructure called BIRD, which
can handle application binaries with dynamically linked libraries,
exception handlers and multi-threading, and has been shown to work
correctly for a large number of commercially distributed Windows-based
network applications, including IIS and Apache. The throughput and
latency penalty of BASS for all the applications we have tested except
one is under 8%.
Cheers,
Todd
P.S. I still hope to get back to testing and development on
isolated-exec, but have still been busy with my core research and
projects lately.
--
Todd Deshane
http://todddeshane.net
http://runningxen.com
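The abstract above describes comparing an application's system call sequence against a sandboxing policy. The following is an added example, not code from the paper, from BASS/BIRD, or from the sender of this message: a toy monitor that learns a policy from a constructed known-good trace and then flags the first event, or transition between events, that the policy does not allow. Representing each event as a (call site, syscall) pair is a design choice of this example, assumed here because it lets the monitor distinguish the same syscall issued from different places in the binary; all traces, symbolic addresses and the `<stack>` marker are constructed for illustration.

```python
"""Toy system-call-sequence sandbox (added example, not the paper's BASS).

A policy is learned from a known-good trace of (call_site, syscall) events and
enforced by refusing any event, or any event-to-event transition, that the
policy does not contain. All traces below are constructed for illustration.
"""
from typing import Dict, List, Optional, Set, Tuple

Event = Tuple[str, str]  # (call site in the binary, system call name)
Policy = Tuple[Set[Event], Dict[Event, Set[Event]]]

# Constructed trace of a well-behaved server: set up a listening socket, then
# loop accept/read/write/close. Call sites are made-up symbolic addresses; a
# real monitor would derive them from the return address on the stack.
GOOD_TRACE: List[Event] = [
    ("main+0x10", "socket"),
    ("main+0x24", "bind"),
    ("main+0x30", "listen"),
    ("serve+0x08", "accept"),
    ("serve+0x1c", "read"),
    ("serve+0x40", "write"),
    ("serve+0x54", "close"),
    ("serve+0x08", "accept"),
    ("serve+0x1c", "read"),
    ("serve+0x40", "write"),
    ("serve+0x54", "close"),
]

# Constructed trace of the same server after a control hijack: the request
# handler reads attacker input, control leaves the binary's code ("<stack>"
# marks a call site outside any known module) and execve is issued. Both the
# call site and the syscall itself are foreign to the learned policy.
HIJACKED_TRACE: List[Event] = [
    ("main+0x10", "socket"),
    ("main+0x24", "bind"),
    ("main+0x30", "listen"),
    ("serve+0x08", "accept"),
    ("serve+0x1c", "read"),
    ("<stack>", "execve"),
]


def learn_policy(trace: List[Event]) -> Policy:
    """Build the set of allowed events and the allowed transitions between them."""
    allowed: Set[Event] = set(trace)
    transitions: Dict[Event, Set[Event]] = {}
    for prev, cur in zip(trace, trace[1:]):
        transitions.setdefault(prev, set()).add(cur)
    return allowed, transitions


def first_violation(trace: List[Event], policy: Policy) -> Optional[Tuple[int, str]]:
    """Return (index, reason) for the first disallowed event, or None if the
    whole trace conforms. A real monitor would stop the process at this point,
    so there is no need to keep scanning after the first hit."""
    allowed, transitions = policy
    prev: Optional[Event] = None
    for i, event in enumerate(trace):
        site, call = event
        if event not in allowed:
            return i, f"{call} issued from {site} is not in the policy"
        if prev is not None and event not in transitions.get(prev, set()):
            return i, f"transition {prev} -> {event} is not in the policy"
        prev = event
    return None


if __name__ == "__main__":
    policy = learn_policy(GOOD_TRACE)
    print("good trace:", first_violation(GOOD_TRACE, policy))
    print("hijacked trace:", first_violation(HIJACKED_TRACE, policy))
```

The caveat this toy makes visible: the policy here is learned dynamically, so any legitimate path the training trace never exercised (an error handler, a rarely used request type) will be reported as a violation. That false-positive problem is exactly why the paper extracts the policy statically from the binary instead, where every syscall site and the control flow between them can be enumerated without needing representative runs.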