Secure, User-level Resource-Constrained Sandboxing

Chang, Fangzhe; Itzkovitz, Ayal; Karamcheti, Vijay

doi:10.21236/ada439735

Cited by 35 publications

(36 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…With appropriate policy rules, the damage can be contained. Several levels of sandbox exist: kernel level [68], user level [69,70,71], or even hardware-supported sandboxing (e.g. Intel LaGrande [72], TCPA [73,74], TrustZone [75], Microsoft NGSCB [72], ChipLock [76], Bear [73].)…”

Section: Isolationmentioning

confidence: 99%

Survey of Protections from Buffer-Overflow Attacks

Piromsopa¹,

Enbody²

2011

View full text Add to dashboard Cite

Abstract. Buffer-overflow attacks began two decades ago and persist today. Over that time, a number of researchers have proposed many solutions. Their targets were either to prevent or to protect against buffer-overflow attacks. As defenses improved, attacks adapted and became more complicated. Given the maturity of field and the fact that some solutions now exist that can prevent most buffer-overflow attacks, it is time to examine these schemes and their critical issues. In this survey, approaches were categorized into three board categories to provide a basis for understanding bufferoverflow protection schemes.

show abstract

Section: Isolationmentioning

confidence: 99%

Survey of Protections from Buffer-Overflow Attacks

Piromsopa¹,

Enbody²

2011

View full text Add to dashboard Cite

show abstract

“…Finally, while others have considered methods to instrument applications, to intercept requests for resources such as CPU cycles, memory, and bandwidth [Chang et al 2000], the emphasis of our ULS and SafeX work is to develop safe and predictable execution domains in which application-specific services may be deployed. Our work enables COTS systems to be extended with resource management methods to improve and/or guarantee qualities of service [Rajkumar et al 1998] to individual applications without the need for entire QoS architectures [Abdelzaher and Shin 1998;Rosu et al 1998] to be constructed.…”

Section: Related Workmentioning

confidence: 99%

Application-specific service technologies for commodity operating systems in real-time environments

West

Parmer

2011

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

In order to eliminate the costs of proprietary systems and special purpose hardware, many real-time and embedded computing platforms are being built on commodity operating systems and generic hardware. Unfortunately, many such systems are ill-suited to the low-latency and predictable timing requirements of real-time applications. This article, therefore, focuses on application-specific service technologies for low-cost commodity operating systems and hardware, so that real-time service guarantees can be met. We describe contrasting methods to deploy first-class services on commodity systems that are dispatched with low latency and execute asynchronously according to bounds on CPU, memory, and I/O device usage. Specifically, we present a "user-level sandboxing" (ULS) mechanism that relies on hardware protection to isolate applicationspecific services from the core kernel. This approach is compared with a hybrid language and runtime protection scheme, called SafeX, that allows untrusted services to be dynamically linked and loaded into a base kernel. SafeX and ULS have been implemented on commodity Linux systems. Experimental results have shown-that both approaches are capable of reducing service violations (and, hence, better qualities of service) for real-time tasks, compared to traditional user-level methods of service deployment in processprivate address spaces. ULS imposes minimal additional overheads on service dispatch latency compared to SafeX, with the advantage that it does not require application-specific services to execute in the trusted kernel domain. As evidence of the potential capabilities of ULS, we show how a user-level networking stack can be implemented to avoid data copying via the kernel and allow packet processing without explicit process scheduling. This improves throughput and reduces jitter.

show abstract

“…These configurations are grouped into three categories, based on whether the mobile link L 2 exhibits cellular, infrared, or wireless LAN-like characteristics. Five of the configurations correspond to real hardware setups (tagged with a *), the remainder were emulated by restricting (via system call interception) CPU and network resources available to the application [1]. The computation power of different nodes is normalized to a 1 GHz Pentium III node.…”

Section: Effectiveness Of the Base Path Creation Algorithmmentioning

confidence: 99%

“…N 1 , N 2 , and L 1 are wired resources and consequently more capable of maintaining a certain minimum allocation (e.g., by employing additional geographically distributed resources) than the wireless link L 2 . The experiments were run on a wired network with the wireless link behavior emulated by controlling available bandwidth of the application via system call interception [1], as in some configurations in the web access experiment. In this experiment, an external module was used to inform the path about resource availability changes 3 .…”

Section: Planning For Value Rangesmentioning

confidence: 99%

Planning for Network-Aware Paths

Karamcheti

2003

Distributed Applications and Interoperable Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Communication in distributed applications across a wide area network needs to cope with heterogenous and constantly changing network conditions. A promising approach to address this is to augment the whole communication path with network awareness by using "bridging" components that are capable of caching, protocol conversion, transcoding, etc. While several such path-based approaches have been proposed, current approaches lack mechanisms for automatically creating effective network paths whose performance is optimized for encountered network conditions. This paper describes a solution for this problem. Our approach, which is built into an application-level programmable network infrastructure called CANS (Composable Adaptive Network Services), constructs network-aware communication paths that enhance application performance by taking into account both application performance preferences and dynamic resource availability. Our experiments with typical applications verify that communication paths automatically created with our path creation algorithms do bring applications with considerable performance advantages, and fine tuned, desirable adaptation behaviors, with only minimal input from applications.

show abstract

Secure, User-level Resource-Constrained Sandboxing

Cited by 35 publications

References 16 publications

Survey of Protections from Buffer-Overflow Attacks

Survey of Protections from Buffer-Overflow Attacks

Application-specific service technologies for commodity operating systems in real-time environments

Planning for Network-Aware Paths

Contact Info

Product

Resources

About