The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Schreuders, Z. Cliffe; McGill, Tanya; Payne, Christian

doi:10.1016/j.cose.2012.09.007

Cited by 18 publications

(11 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Two sandbox approaches are traditionally managed: rule and isolation based, each one has advantages and limitations. In an isolation based approach an application A executes an application B in a sandboxed environment, usually virtualized, where application B has access to some specific and controlled sandbox resources [34]with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day'.…”

Section: Using Sandboxing and Machine Lear-ning In State Security Agementioning

confidence: 99%

“…On the other hand, in a ruled based approach each sandbox enforces a specific policy regarding the resources that applications within the sandbox can access. Application A can launch application B implicitly in sandbox B which enforce a policy for B [34]with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day'.…”

Section: Using Sandboxing and Machine Lear-ning In State Security Agementioning

confidence: 99%

See 1 more Smart Citation

Building malware classificators usable by State security agencies

Useche-Peláez¹,

Díaz-López²,

Sepúlveda-Alzate³

et al. 2018

ITECKNE

View full text Add to dashboard Cite

Sandboxing has been used regularly to analyze software samples and determine if these contain suspicious properties or behaviors. Even if sandboxing is a powerful technique to perform malware analysis, it requires that a malware analyst performs a rigorous analysis of the results to determine the nature of the sample: goodware or malware. This paper proposes two machine learning models able to classify samples based on signatures and permissions obtained through Cuckoo sandbox, Androguard and VirusTotal. The developed models are also tested obtaining an acceptable percentage of correctly classified samples, being in this way useful tools for a malware analyst. A proposal of architecture for an IoT sentinel that uses one of the developed machine learning model is also showed. Finally, different approaches, perspectives, and challenges about the use of sandboxing and machine learning by security teams in State security agencies are also shared.

show abstract

Section: Using Sandboxing and Machine Lear-ning In State Security Agementioning

confidence: 99%

Section: Using Sandboxing and Machine Lear-ning In State Security Agementioning

confidence: 99%

Building malware classificators usable by State security agencies

Useche-Peláez¹,

Díaz-López²,

Sepúlveda-Alzate³

et al. 2018

ITECKNE

View full text Add to dashboard Cite

show abstract

“…Even recently published surveys of sandbox literature have either acknowledged the ambiguity, then used overly-broad definitions that include mechanisms not traditionally considered to be sandboxes (Schreuders et al, 2013), or have relied entirely on the use of examples instead of a precise definition (Al Ameiri and Salah, 2011). Schreuders writes, "Although the terminology in use varies, in general a sandbox is separate from the access controls applied to all running programs.…”

Section: What Is a Sandbox?mentioning

confidence: 99%

Peer Review #2 of "A systematic analysis of the science of sandboxing (v0.1)"

Spinellis¹

2016

View full text Add to dashboard Cite

Sandboxes are increasingly important building materials for secure software systems. In recognition of their potential to improve the security posture of many systems at various points in the development lifecycle, researchers have spent the last several decades developing, improving, and evaluating sandboxing techniques. What has been done in this space? Where are the barriers to advancement? What are the gaps in these efforts? We systematically analyze a decade of sandbox research from five top-tier security and systems conferences using qualitative content analysis, statistical clustering, and graphbased metrics to answer these questions and more. We find that the term "sandbox" currently has no widely accepted or acceptable definition. We use our broad scope to propose the first concise and comprehensive definition for "sandbox" that consistently encompasses research sandboxes. We learn that the sandboxing landscape covers a range of deployment options and policy enforcement techniques collectively capable of defending diverse sets of components while mitigating a wide range of vulnerabilities. Researchers consistently make security, performance, and applicability claims about their sandboxes and tend to narrowly define the claims to ensure they can be evaluated. Those claims are validated using multi-faceted strategies spanning proof, analytical analysis, benchmark suites, case studies, and argumentation. However, we find two cases for improvement: (1) the arguments researchers present are often ad hoc and (2) sandbox usability is mostly uncharted territory. We propose ways to structure arguments to ensure they fully support their corresponding claims and suggest lightweight means of evaluating sandbox usability.

show abstract

“…Even recently published surveys of sandbox literature have either acknowledged the ambiguity, then used overly-broad definitions that include mechanisms not traditionally considered to be sandboxes (Schreuders, McGill & Payne, 2013), or have relied entirely on the use of examples instead of a precise definition (Al Ameiri & Salah, 2011). Schreuders writes, "Although the terminology in use varies, in general a sandbox is separate from the access controls applied to all running programs.…”

Section: What Is a Sandbox?mentioning

confidence: 99%

A systematic analysis of the science of sandboxing

Maass

Sales

Chung

et al. 2016

PeerJ Computer Science

View full text Add to dashboard Cite

Sandboxes are increasingly important building materials for secure software systems. In recognition of their potential to improve the security posture of many systems at various points in the development lifecycle, researchers have spent the last several decades developing, improving, and evaluating sandboxing techniques. What has been done in this space? Where are the barriers to advancement? What are the gaps in these efforts? We systematically analyze a decade of sandbox research from five top-tier security and systems conferences using qualitative content analysis, statistical clustering, and graph-based metrics to answer these questions and more. We find that the term "sandbox" currently has no widely accepted or acceptable definition. We use our broad scope to propose the first concise and comprehensive definition for "sandbox" that consistently encompasses research sandboxes. We learn that the sandboxing landscape covers a range of deployment options and policy enforcement techniques collectively capable of defending diverse sets of components while mitigating a wide range of vulnerabilities. Researchers consistently make security, performance, and applicability claims about their sandboxes and tend to narrowly define the claims to ensure they can be evaluated. Those claims are validated using multi-faceted strategies spanning proof, analytical analysis, benchmark suites, case studies, and argumentation. However, we find two cases for improvement: (1) the arguments researchers present are often ad hoc and (2) sandbox usability is mostly uncharted territory. We propose ways to structure arguments to ensure they fully support their corresponding claims and suggest lightweight means of evaluating sandbox usability.

show abstract

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Cited by 18 publications

References 66 publications

Building malware classificators usable by State security agencies

Building malware classificators usable by State security agencies

Peer Review #2 of "A systematic analysis of the science of sandboxing (v0.1)"

A systematic analysis of the science of sandboxing

Contact Info

Product

Resources

About