ChakraVyuha (CV): A Sandbox Operating System Environment for Controlled Execution of Alien Code

Sharing unknown programs creates an atmosphere of distrust and hence exacerbates the need to secure information and physical resources from any alien code. This paper proposes a sandbox approach to the execution of such foreign code. Alien code is trusted with a set of privileges for accessing logical resources (e.g., callable functions and services) and physical resources (e.g., rate and maximum consumption of CPU, memory, disk space, etc.) via third-party authentication. During installation of any code in the sandbox environment, the associated privileges (on a per-user basis) are stored in a secure area and enforced by the operating system during execution. The alien code may also access resources defined by other subsystems (e.g., a database); hence, in an integrated environment the subsystem-specific privileges are transferred securely to that subsystem for monitoring. A prototype version based on Linux OS code has been developed.

By: Asit Dan, Ajay Mohindra, Rajiv Ramaswami and Dinkar Sitaram

Published in: RC20742 in 1997

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).
