Threadbox: Sandboxing for Modular Security
Maysara Alhindi, Joseph Hallett
TL;DR
Threadbox introduces a modular sandboxing mechanism that allows independent sandboxes for threads and functions, addressing challenges in applying traditional sandboxing to diverse applications.
Contribution
The paper proposes Threadbox, a novel sandboxing approach enabling modular and independent sandboxes for threads and functions, improving flexibility and applicability.
Findings
Case studies demonstrate Threadbox's applicability.
Threadbox effectively isolates application components.
Limitations of Threadbox are discussed.
Abstract
There are many sandboxing mechanisms provided by operating systems to limit what resources applications can access, however, sometimes the use of these mechanisms requires developers to refactor their code to fit the sandboxing model. In this work, we investigate what makes existing sandboxing mechanisms challenging to apply to certain types of applications, and propose Threadbox, a sandboxing mechanism that enables having modular and independent sandboxes, and can be applied to threads and sandbox specific functions. We present case studies to illustrate the applicability of the idea and discuss its limitations.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Advanced Software Engineering Methodologies · Advanced Malware Detection Techniques