Evaluating the Flexibility of the Java Sandbox

Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, Joshua Sunshine
2015 Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015  
The ubiquitously-installed Java Runtime Environment (JRE) provides a complex, flexible set of mechanisms that support the execution of untrusted code inside a secure sandbox.  ...  These practical rules should be enforced in the JRE to fortify the Java sandbox.  ...  We evaluated whether each of the available Java permissions can lead to sandbox bypasses.  ... 
doi:10.1145/2818000.2818003 dblp:conf/acsac/CokerMDGS15 fatcat:gmmzimr7hjf5jpqyttht2xipsa

JVM-Portable Sandboxing of Java's Native Libraries [chapter]

Mengtao Sun, Gang Tan
2012 Lecture Notes in Computer Science  
Previous work, Robusta, puts native libraries in a sandbox to protect the integrity and security of Java.  ...  This paper shows how to make the idea of sandboxing native libraries JVM-portable. We present a two-layer approach for sandboxing without modifying the internals of a JVM.  ...  Acknowledgments We thank Martin Hirzel for suggesting the JVMTI approach for native-code sandboxing. This research is supported by US NSF grants CCF-0915157, CCF-  ... 
doi:10.1007/978-3-642-33167-1_48 fatcat:3dyus5aborc3thmbzj2jpl7rt4

Docker as Platform for Assignments Evaluation

František Špaček, Radomír Sohlich, Tomáš Dulík
2015 Procedia Engineering  
This paper discusses the analysis and realization of such a system for user submitted automatic source code evaluation.  ...  Container based platform Docker was selected after research of ready to use sandbox technologies.  ...  Acknowledgements This project was supported by the Ministry of Education of the Czech Republic under a FRVŠ project 1542/2013/G1.  ... 
doi:10.1016/j.proeng.2015.01.541 fatcat:agxuwsvtxjadtfrakktfeucnda

Remote Management and Secure Application Development for Pervasive Home Systems Using JASON

Bert Bos, Lukasz Chmielewski, Jaap-Henk Hoepman, Thanh Son Nguyen
2007 Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2007)  
Software development to implement such services need to solve complex security problems and need to be aware of the large spread of capabilities among the different devices.  ...  In a modern house, the number of electronic devices keeps increasing. More and more of these devices become interconnected, to provide new services.  ...  On the Application Level, we have the Java VM which provides a sandbox for a Java application from Figure 2. Different levels of sandboxing within the Java Virtual Machine [11].  ... 
doi:10.1109/secperu.2007.9 dblp:conf/secperu/BosCHN07 fatcat:aqkogsxwknbtpkp3tz76fgnj5u

Bringing java's wild native world under control

Mengtao Sun, Gang Tan, Joseph Siefers, Bin Zeng, Greg Morrisett
2013 ACM Transactions on Privacy and Security  
Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.  ...  Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed  ...  ACKNOWLEDGMENTS We thank Mark Seaborn for explaining the NaCl implementation. We thank Martin Hirzel for suggesting the JVMTI approach for native-code sandboxing.  ... 
doi:10.1145/2535505 fatcat:w2hjxwbverdntar5d6wep2djtq

Retaining sandbox containment despite bugs in privileged memory-safe code

Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh, Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
Unfortunately, flaws in the standard library often allow an attacker to escape the security protections of the sandbox.  ...  Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of devices worldwide.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of BBN Technologies, Corp., the GENI Project Office  ... 
doi:10.1145/1866307.1866332 dblp:conf/ccs/CapposDRSBBKA10 fatcat:3ssev3ed5vhv3asant2toko3gq

Architectures for secure portable executable content

Stefanos Gritzalis, George Aggelis, Diomidis Spinellis
1999 Internet Research  
In this paper, the two proposed security models are described in detail and the efficiency and flexibility of current implementations are evaluated in a comparative manner.  ...  Java enables the execution of a program, on almost any modern computer regardless of hardware configuration and operating system.  ...  We present and compare the current implementations as well as upcoming extensions of the two security models, and evaluate their efficiency and flexibility.  ... 
doi:10.1108/10662249910251273 fatcat:3526qdymzbesvgwlknvjnlcpxy

CHERI JNI

David Chisnall, Stacey Son, Michael Roe, Simon W. Moore, Peter G. Neumann, Ben Laurie, Robert N.M. Watson, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff (+3 others)
2017 ACM SIGOPS Operating Systems Review  
Java provides security and robustness by building a high-level security model atop the foundation of memory protection.  ...  We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact  ...  We have extended the CHERI sandboxing mechanism to support callbacks and asymmetric distrust, demonstrating the flexibility of the CHERI instruction set in adapting to security models beyond those initially  ... 
doi:10.1145/3093315.3037725 fatcat:ijnpul3om5gclm5nxbm7bnjj3e

In-nimbo sandboxing

Michael Maass, William L. Scherlis, Jonathan Aldrich
2014 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security - HotSoS '14  
Attack Success: Structured Evaluation • Using a priori knowledge of how a sandbox functions, consider threats that exist when the sandbox holds, fails, or is bypassed • A bypass occurs when an  ...  Field Trial • The sandbox as designed supports the full range of PDF features: • 3-D models, printing, DRM, forms, and opening URLs • We built a prototype of the sandbox and deployed it in cooperation  ...  Reader X Local VM Cloud VM Usability + users don't notice it -VMM management decentralized + sandbox fully managed by a central authority  ... 
doi:10.1145/2600176.2600177 dblp:conf/hotsos/MaassSA14 fatcat:g6vedhqxurad5dh5ezxcmzfivi

RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing

Haihe Ba, Huaizhe Zhou, Huidong Qiao, Zhiying Wang, Jiangchun Ren
2018 Symmetry  
The analysis of some Java exploits indicates that the violation results primarily from the given excess sandbox permission, loading flaws in Java class libraries and third-party middlewares and the abuse  ...  This paper also reports the experimental evaluation of a RIM4J prototype using both a macro- and a micro-benchmark; the experimental results indicate that RIM4J is a practical solution for real-world applications  ...  We are also thankful to them for the successful completion of this part of the project.  ... 
doi:10.3390/sym10070253 fatcat:eyxkdx6fjnf6dfhk2zgkdm6dse

Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices

Iulia Ion, Boris Dragovic, Bruno Crispo
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
The growth of the applications and services market for mobile devices is currently slowed down by the lack of a flexible and reliable security infrastructure.  ...  This paper proposes an extension to the security architecture of the Java Virtual Machine for mobile systems, to support fine-grained policy specification and run-time enforcement.  ...  The flexibility of the model is proven by example, while the policy enforcement mechanisms lend themselves to being evaluated empirically.  ... 
doi:10.1109/acsac.2007.36 dblp:conf/acsac/IonDC07 fatcat:4fernieej5clhm2asiei3srpl4

Enter Sandbox: Android Sandbox Comparison [article]

Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, Edgar Weippl
2014 arXiv pre-print
Furthermore the Master Key bugs could be exploited by malware to hide malicious behavior from the sandboxes.  ...  In this paper, we give an overview of the state-of-the-art dynamic code analysis platforms for Android and evaluate their effectiveness with samples from known malware corpora as well as known Android  ...  Moreover this work has been carried out within the scope of u'smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments.  ... 
arXiv:1410.7749v1 fatcat:uh67vr2eyvajdcts62mjodjb24

Hybrid User-level Sandboxing of Third-party Android Apps

Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox.  ...  Specifically, dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.  ... 
doi:10.1145/2714576.2714598 dblp:conf/ccs/ZhouPWWJ15 fatcat:w5iqqjqyp5g2jozmif7ffa5zqu

An Open-Source Sandbox for Increasing the Accessibility of Functional Programming to the Bioinformatics and Scientific Communities

Matthew Fenwick, Colbert Sesanker, Martin R. Schiller, Heidi JC Ellis, M. Lee Hinman, Jay Vyas, Michael R. Gryk
2012 2012 Ninth International Conference on Information Technology - New Generations  
Unfortunately, the learning curve for adoption of functional programming techniques is steeper than that for more traditional languages in the scientific community, such as Python and Java, and this is  ...  The source code is available at: https://github.com/CONNJUR/CONNJUR-Sandbox (see also http://www.connjur.org).  ...  Acknowledgments This research was funded by US National Institutes of Health grant GM-083072.  ... 
doi:10.1109/itng.2012.21 pmid:25328913 pmcid:PMC4197993 dblp:conf/itng/FenwickSSEHVG12 fatcat:65szd4tidbf43dbskerudnvtfi

A systematic analysis of the science of sandboxing

Michael Maass, Adam Sales, Benjamin Chung, Joshua Sunshine
2016 PeerJ Computer Science  
and evaluating sandboxing techniques.  ...  We propose ways to structure arguments to ensure they fully support their corresponding claims and suggest lightweight means of evaluating sandbox usability.  ...  'Policy flexibility as a usability bellwether' What are the requirements of components being sandboxed?  ... 
doi:10.7717/peerj-cs.43 fatcat:ti4q2hdnwngy7awrsrddzan7km