Secure Coding mailing list archives
RE: Hypothetical design question
From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Fri, 30 Jan 2004 17:23:30 +0000
You might be interested in a paper that was presented/published at the most recent Annual Computer Security Applications Conference (www.acsac.org). The idea was to create a transaction approach for running programs. When you run a program, it creates a copy-on-write version of every file that gets modified, and when you're done, the user has the choice of accepting or rejecting the entire transaction. If they accept, then all the changes get "committed"; if you reject then they all get discarded. There are a lot of limitations to this sort of approach (e.g., it only can roll back file system activities, and there are problems if you have multiple simultaneous modifications, and it's hard for a user to tell what's an OK change and what's not), but it's a starting point.

Full paper available at www.acsac.org; the paper is "Isolated Program Execution: An Application-Transparent Approach for Executing Untrusted Programs", by Zhenkai Liang, Stony Brook University. It won the "outstanding paper" award.

And tying it to this discussion, using a semi-sandbox of this sort might be a way of dealing with email attachments.

--Jeremy
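The accept/reject flow described in the message above, as an added sketch that is not part of the original post and is not the paper's implementation. All names are hypothetical; it assumes the program's file access goes through the wrapper's `open()` (a real system would intercept system calls) and it ignores symlinks and deletions.

```python
import hashlib, os, shutil, tempfile

def _digest(path):
    """SHA-256 of a file, or None if it does not exist."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class FileTransaction:  # hypothetical name, not taken from the paper
    """Writes land in a private shadow tree; the real tree changes only on commit()."""
    def __init__(self, root):
        self.root = os.path.abspath(root)
        self.shadow = tempfile.mkdtemp(prefix="txn-")
        self.base = {}  # relative path -> digest of the original at first write

    def open(self, path, mode="r"):
        rel = os.path.relpath(os.path.abspath(os.path.join(self.root, path)), self.root)
        if rel == os.pardir or rel.startswith(os.pardir + os.sep):
            raise ValueError("path escapes the isolated tree")
        real, copy = os.path.join(self.root, rel), os.path.join(self.shadow, rel)
        if rel not in self.base:
            if not set(mode) & set("wax+"):
                return open(real, mode)      # untouched file: read the original
            self.base[rel] = _digest(real)   # first write: copy, then redirect
            os.makedirs(os.path.dirname(copy), exist_ok=True)
            if self.base[rel] is not None:
                shutil.copy2(real, copy)
        return open(copy, mode)

    def changes(self):
        """Files the program touched: what the user is asked to accept or reject."""
        return sorted(self.base)

    def conflicts(self):
        """Files whose original changed outside the transaction since the copy."""
        return [r for r in self.base if _digest(os.path.join(self.root, r)) != self.base[r]]

    def commit(self):
        if self.conflicts():  # the "multiple simultaneous modifications" problem
            raise RuntimeError("original modified concurrently: %s" % self.conflicts())
        for rel in self.base:
            dest = os.path.join(self.root, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.copy2(os.path.join(self.shadow, rel), dest)
        self.discard()

    def discard(self):
        shutil.rmtree(self.shadow, ignore_errors=True)
        self.base = {}
```

`changes()` only lists which files were touched, which illustrates the last limitation in the message: the list alone does not tell the user whether a change is acceptable.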