Translating security policy to executable code for sandboxing linux kernel

Mohanty, Hrushikesha; Venkataswamy, M.; Ramaswamy, Srini; Shyamasundar, R. K.

Translating security policy to executable code for sandboxing linux kernel

Date

2009-12-01

Authors

Mohanty, Hrushikesha

Venkataswamy, M.

Ramaswamy, Srini

Shyamasundar, R. K.

Abstract

Model based intrusion detection mechanisms have produced encouraging results for reduced false alarms. This paper extends our earlier work, where we reported for sandboxing Linux 2.6 using code generated from policies. Here we pursue the problem of code generation from a set of policies extracted from a domain model. Such a technique can support the safeguarding of system resources. We also present some of the features of the tool currently under development to automate the sandboxing process. © 2009 IEEE.

Keywords

Code generator, Linux kernel, Sandboxing

Citation

EMS 2009 - UKSim 3rd European Modelling Symposium on Computer Modelling and Simulation

URI

10.1109/EMS.2009.42
http://ieeexplore.ieee.org/document/5358813/
https://dspace.uohyd.ac.in/handle/1/8860

Collections

Computer and Information Sciences - Publications

Full item page