Filters








3,002 Hits in 4.4 sec

Virtual Machine Monitor Indigenous Memory Reclamation Technique

Muhammad Shams Ul Haq, Lejian Liao, Ma Lerong
2016 International Journal of Information Technology and Computer Science  
The proposed technique indigenously works in virtual machine monitor layer without installing any driver in VMX non root mode and without new communication channel with host kernel.  ...  We implemented proposed technique with one of open source sandboxes to show effectiveness of proposed memory reclamation method.  ...  New instructions VMLAUNCH and VMRESUME enters the VMX non root mode and executes the guest OS. This transition from root to non root mode is called VM entry.  ... 
doi:10.5815/ijitcs.2016.04.02 fatcat:5od6otqs7bgi5kg4ehjecuiuq4

A portable user-level approach for system-wide integrity protection

Wai-Kit Sze, R. Sekar
2013 Proceedings of the 29th Annual Computer Security Applications Conference on - ACSAC '13  
Like sandboxing, all user data is held within one name space, thereby providing a unified view.  ...  Moreover, policy development is almost entirely automated, sparing users and administrators this cumbersome and difficult task.  ...  For each non-root userid 1 R in the original system, we add a corresponding untrusted userid Ru.  ... 
doi:10.1145/2523649.2523655 dblp:conf/acsac/SzeS13 fatcat:vcv5jeqwhzbsndtcvrfl6wzf3q

GWiQ-P

Kfir Karmon, Liran Liss, Assaf Schuster
2008 ACM SIGOPS Operating Systems Review  
GWiQ-P is light-weight, and in practice is infinitely scalable, satisfying concurrently any number of resource demands, all within the limits of a global quota assigned to each user.  ...  This setup calls for scalable and highly available resource utilization control that adapts itself to dynamic changes in the grid environment as they occur.  ...  This points to the protocol's excellent scalability and local operation. Moreover, for a change rate of 0.1%, the utilization practically equals the quota.  ... 
doi:10.1145/1341312.1341339 fatcat:v4a7c75d3zdcxjsca3dvhmtisi

Tutorial: An Overview of Malware Detection and Evasion Techniques [chapter]

Fabrizio Biondi, Thomas Given-Wilson, Axel Legay, Cassius Puodzius, Jean Quilbeuf
2018 Lecture Notes in Computer Science  
However, some malware can use sandbox detection to detect that they run in such an environment and so avoid exhibiting their malicious behavior.  ...  We demonstrate how statically-extracted syntactic signatures can be used for quickly detecting simple variants of malware.  ...  In this example, x is taken as a user input and then it is tested on being non-negative and a root for x 2 − 3x − 4.  ... 
doi:10.1007/978-3-030-03418-4_34 fatcat:a35rkedbczcgpolcrtevlac2ea

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Z. Cliffe Schreuders, Tanya McGill, Christian Payne
2013 Computers & security  
This paper describes the motivation for application restrictions and sandboxes, presenting an indepth review of the literature covering existing systems.  ...  The paper concludes with a discussion on areas for future work, and points a way forward within this developing field of research with recommendations for usability and abstraction to be considered to  ...  Sandboxes that enforce the same rule-based policy for every program effectively provide a limited form of isolation.  ... 
doi:10.1016/j.cose.2012.09.007 fatcat:k4ujixk57bbaxhe7gmu3fcrcim

A novel approach for computer security education using Minix instructional operating system

Wenliang Du, Mingdong Shang, Haizhi Xu
2006 Computers & security  
The lack of an effective and efficient laboratory for security courses motivated us to consider practices adopted by the traditional mature courses, e.g., operating systems (OS) and compilers.  ...  The courseware contains a set of well defined and documented projects for helping students focus on (1) grasping security concepts, principles and technologies; (2) practicing design and implementation  ...  ., the root directory is changed to newroot for cmd and any of its child processes. Any program running within this sandbox can only access files within the subdirectory of newroot.  ... 
doi:10.1016/j.cose.2005.09.011 fatcat:bbumhrjnm5h4xbzgu6fbm4y7uu

Launching Generic Attacks on iOS with Approved Third-Party Applications [chapter]

Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou
2013 Lecture Notes in Computer Science  
We further provide corresponding mitigation strategies for both vetting and sandbox mechanisms, in order to defend against the proposed attack vector.  ...  Although details of the vetting process and the sandbox are kept as black box by Apple, it was generally believed that these iOS security mechanisms are effective in defending against malwares.  ...  We also thank the anonymous reviewers for their valuable insights and comments.  ... 
doi:10.1007/978-3-642-38980-1_17 fatcat:opk2pkmmkjaurneuqcxyodi3ue

Hybrid User-level Sandboxing of Third-party Android Apps

Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
native libraries and minor for apps with them.  ...  Specifically, dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox  ...  Acknowledgements The authors would like to thank the anonymous reviewers for their insightful comments that helped improve the presentation of this paper.  ... 
doi:10.1145/2714576.2714598 dblp:conf/ccs/ZhouPWWJ15 fatcat:w5iqqjqyp5g2jozmif7ffa5zqu

Cut-and-Mouse and Ghost Control

Ziya Alper Genç, Gabriele Lenzini, Daniele Sgandurra
2021 Digital Threats: Research and Practice  
To protect their digital assets from malware attacks, most users and companies rely on antivirus (AV) software.  ...  Furthermore, we also show some weaknesses in additional protection mechanisms of AVs, such as sandboxing and CAPTCHA verification.  ...  and non-kernel modules.  ... 
doi:10.1145/3431286 fatcat:bxrm6yuiebcmpcuurdtlmxm5om

Practical techniques to obviate setuid-to-root binaries

Bhushan Jain, Chia-Che Tsai, Jitin John, Donald E. Porter
2014 Proceedings of the Ninth European Conference on Computer Systems - EuroSys '14  
This paper demonstrates how least privilege can be achieved on modern systems for non-administrator users.  ...  We identify the policies currently encoded in setuid-to-root binaries, and present a framework for expressing and enforcing these policy categories in the kernel.  ...  Acknowledgements We thank the anonymous reviewers, our shepherd, Ted Wobber, Rob Johnson, and Vyas Sekar for insightful comments on earlier drafts of this paper.  ... 
doi:10.1145/2592798.2592811 dblp:conf/eurosys/JainTJP14 fatcat:ealhdaworvdw5fvhhplbqrtjv4

1987 IEEE Symposium on Security and Privacy

1986 Computer  
TXBOX is a new system for sandboxing untrusted applications.  ...  This makes on-access scanning practical for routine use in production systems. Expressive policies. TXBOX can enforce a rich class of practical security policies.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/mc.1986.1663102 fatcat:cduvzxwakjfyxjqlvejzyhdyym

TxBox: Building Secure, Efficient Sandboxes with System Transactions

Suman Jana, Donald E. Porter, Vitaly Shmatikov
2011 2011 IEEE Symposium on Security and Privacy  
TXBOX is a new system for sandboxing untrusted applications.  ...  This makes on-access scanning practical for routine use in production systems. Expressive policies. TXBOX can enforce a rich class of practical security policies.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/sp.2011.33 dblp:conf/sp/JanaPS11 fatcat:thlvosrksjdbfnqn7k6aexkefi

2006 IEEE Symposium on Security and Privacy

2006 2006 IEEE Symposium on Security and Privacy (S&P'06)  
TXBOX is a new system for sandboxing untrusted applications.  ...  This makes on-access scanning practical for routine use in production systems. Expressive policies. TXBOX can enforce a rich class of practical security policies.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/sp.2006.20 fatcat:gutozsr4avfwpgpkvrwa4a77fu

1987 IEEE Symposium on Security and Privacy

1986 Computer  
TXBOX is a new system for sandboxing untrusted applications.  ...  This makes on-access scanning practical for routine use in production systems. Expressive policies. TXBOX can enforce a rich class of practical security policies.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/mc.1986.1663329 fatcat:u33ipffhdvhzxnmwjwqx4p3xvq

1988 IEEE Symposium on Security and Privacy

1987 Computer  
TXBOX is a new system for sandboxing untrusted applications.  ...  This makes on-access scanning practical for routine use in production systems. Expressive policies. TXBOX can enforce a rich class of practical security policies.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/mc.1987.1663423 fatcat:p76ekk6airaxdariqes2bfucey
« Previous Showing results 1 — 15 out of 3,002 results