{"title":"A Survey on Application Sandboxing Techniques","authors":"S. Laurén, Sampsa Rauti, V. Leppänen","doi":"10.1145/3134302.3134312","DOIUrl":null,"url":null,"abstract":"The principle of least privilege states that components in a system should only be allowed to perform actions that are required for them to function. The wish to limit what programs can access has given rise to a set of application-level sandboxing solutions. In this paper, we survey recent research on application-level sandboxing. We discuss the properties of the major implementations and highlight the key differences between them. In addition, we show how recent features in mainline Linux kernel have altered the sandboxing landscape.","PeriodicalId":131196,"journal":{"name":"Proceedings of the 18th International Conference on Computer Systems and Technologies","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A Survey on Application Sandboxing Techniques\",\"authors\":\"S. Laurén, Sampsa Rauti, V. Leppänen\",\"doi\":\"10.1145/3134302.3134312\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The principle of least privilege states that components in a system should only be allowed to perform actions that are required for them to function. The wish to limit what programs can access has given rise to a set of application-level sandboxing solutions. In this paper, we survey recent research on application-level sandboxing. We discuss the properties of the major implementations and highlight the key differences between them. 
In addition, we show how recent features in mainline Linux kernel have altered the sandboxing landscape.\",\"PeriodicalId\":131196,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Computer Systems and Technologies\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Computer Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3134302.3134312\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Computer Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3134302.3134312","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The principle of least privilege states that components in a system should only be allowed to perform actions that are required for them to function. The wish to limit what programs can access has given rise to a set of application-level sandboxing solutions. In this paper, we survey recent research on application-level sandboxing. We discuss the properties of the major implementations and highlight the key differences between them. In addition, we show how recent features in the mainline Linux kernel have altered the sandboxing landscape.