Building Dynamic System Call Sandbox with Partial Order Analysis
Abstract
References
Index Terms
- Building Dynamic System Call Sandbox with Partial Order Analysis
Recommendations
SysXCHG: Refining Privilege with Adaptive System Call Filters
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityWe present the design, implementation, and evaluation of SysXCHG: a system call (syscall) filtering enforcement mechanism that enables programs to run in accordance with the principle of least privilege. In contrast to the current, hierarchical design of ...
HODOR: Shrinking Attack Surface on Node.js via System Call Limitation
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityNode.js applications are becoming more and more widely adopted on the server side, partly due to the convenience of building these applications on top of the runtime provided by popular Node.js engines and the large number of third-party packages ...
Sifter: protecting security-critical kernel modules in Android through attack surface reduction
MobiCom '22: Proceedings of the 28th Annual International Conference on Mobile Computing And NetworkingThe Linux kernel is an important part of the Trusted Computing Base (TCB) of a mobile device using the Android OS, making it attractive to attackers. While all vulnerabilities in the kernel are important, those that are directly reachable by untrusted ...
Comments
Information & Contributors
Information
Published In
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 381Total Downloads
- Downloads (Last 12 months)381
- Downloads (Last 6 weeks)44
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in