TY - GEN
T1 - FlexBox
T2 - 13th IEEE Symposium on Computers and Communications, ISCC 2008
AU - Tanoue, Ayumu
AU - Shimamura, Makoto
AU - Hanaoka, Miyuki
AU - Kono, Kenji
N1 - Copyright:
Copyright 2008 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - Internet servers are constantly exposed to malicious attacks launched remotely. Sandboxing is a promising approach to reducing the damage caused by malicious attacks. A sandbox system provides a restricted environment for executing programs/code from an Internet server, in which the accessible resources are limited to those required for legal execution. However, traditional sandbox systems are not suitable for preventing sensitive files, legally accessed by Internet servers, from being leaked or tampered with. A sandbox system must permit access to sensitive files if the sandboxed server requires access to them. This paper presents FlexBox, a novel sandbox system that reduces the possibility of leaking or tampering with sensitive files accessed by Internet servers. The key observation is that Internet servers typically have several execution states, each of which requires different access rights to resources such as files, especially sensitive files that are usually accessed only in a few execution states. Therefore, if FlexBox dynamically changes a set of accessible files according to servers' execution states, it is expected to dramatically reduce the possibility of information leakage/tampering. To obtain the execution states of Internet servers, FlexBox exploits the layer-7 contexts of Internet servers, i.e., it monitors the network messages exchanged between the server and clients. We demonstrate that FlexBox can be applied to several real Internet servers and the overhead from FlexBox is reasonably low.
UR - http://www.scopus.com/inward/record.url?scp=55849106343&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=55849106343&partnerID=8YFLogxK
U2 - 10.1109/ISCC.2008.4625645
DO - 10.1109/ISCC.2008.4625645
M3 - Conference contribution
AN - SCOPUS:55849106343
SN - 9781424427031
T3 - Proceedings - IEEE Symposium on Computers and Communications
SP - 386
EP - 391
BT - IEEE Symposium on Computers and Communications 2008, ISCC 2008
Y2 - 6 July 2008 through 9 July 2008
ER -