Since we have been on the topic of worms/viruses & UNIX, I thought I'd
mention a neat research project called Janus. It basically provides
a "sandbox" for helper applications by intercepting all the system
calls (syscalls(2)) and restricting their effect.
I don't claim this is necessarily a viable solution to web transmitted
worms in its current state, but it is an interesting idea and may be
close to what we will be doing in the future...
Karl Runge
http://www.cs.berkeley.edu/~daw/janus/
http://sunsite.berkeley.edu/Dienst/UI/2.0/Describe/ncstrl.ucb/CSD-99-1056
Janus: an Approach for Confinement of Untrusted Applications
David A. Wagner CSD-99-1056 August 12, 1999
Security is a serious concern on today's computer networks. Many
applications are not very good at resisting attack, and our
operating systems are not very good at preventing the spread of any
intrusions that may result. In this thesis, we propose to manage the
risk of a security breach by confining these untrusted (and
untrustworthy) applications in a carefully sanitized space. We
design a secure environment for confinement of untrusted
applications by restricting the program's access to the operating
system. In our prototype implementation, we intercept and filter
dangerous system calls via the Solaris process tracing facility.
This enables us to build a simple, clean, user-mode mechanism for
confining untrusted applications. Our implementation has negligible
performance impact, and can protect pre-existing legacy code.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
