Topaktas, Cosay Gurkay (2014) Graphical Security Sandbox For Linux Systems. Masters thesis, National University of Ireland Maynooth.
Preview
Topaktas Cosay Gurkay.pdf
Download (1MB) | Preview
Abstract
It has become extremely difficult to distinguish a benign application from a malicious one as the
number of untrusted applications on the Internet increases rapidly every year. In this project,
we develop a lightweight application confinement mechanism for Linux systems in order to aid
most users to increase their confidence in various applications that they stumble upon and use
on a daily basis. Developed sandboxing facility monitors a targeted application’s activity and
imposes restrictions on its access to operating system resources during its execution. Using a
simple but expressive policy language, users are able to create security policies. During the
course of the traced application’s execution, sandboxing facility makes execution decisions
according to the security policy specified and terminates the traced application if necessary.
In the case of an activity that is not covered by the policy, the facility asks for user input
through an user interface with a simple human readable format of the activity and uses that
user input to make execution decisions and to improve the security policy. Our ultimate goal
is to create a facility such that even casual users with minimal technical knowledge can use
the tool without getting overwhelmed by it. We base our tool on system call interposition
which has been a popular research area over the past fifteen years. Developed sandboxing
facility offers an user-friendly, easy to use user-interface. It monitors the given application and
detects activities that might possibly be system intrusions. Moreover, the tool offers logging
and auditing mechanisms for post-execution analysis. We present our evaluation of the tool
in terms of performance and overhead it generates when confining applications. We conclude
that developed system is successful in detecting abnormal application activity according to
specified security policies. It has been obtained that the tool adds a significant overhead to the
target applications. However, this overhead does not pose usability issues as our target domain
is personal use cases with small applications.
Item Type: | Thesis (Masters) |
---|---|
Additional Information: | Taught Masters Thesis for the Erasmus Mundus MSc in Dependable Software Systems |
Keywords: | Graphical Security Sandbox; Linux Systems; |
Academic Unit: | Faculty of Science and Engineering > Computer Science |
Item ID: | 5349 |
Depositing User: | IR eTheses |
Date Deposited: | 03 Sep 2014 15:49 |
URI: | https://mural.maynoothuniversity.ie/id/eprint/5349 |
Use Licence: | This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here |
Repository Staff Only (login required)
Downloads
Downloads per month over past year