N. Provos. 12th USENIX Security Symposium, (August 2003)
Abstract
We introduce a system that eliminates the need to
run programs in privileged process contexts. Using our
system, programs run unprivileged but may execute certain
operations with elevated privileges as determined
by a configurable policy, eliminating the need for suid
or sgid binaries. We present the design and analysis
of the “Systrace” facility, which supports fine-grained
process confinement, intrusion detection, auditing and
privilege elevation. It also facilitates the often difficult
process of policy generation. With Systrace, it is
possible to generate policies automatically in a training
session or generate them interactively during program
execution. The policies describe the desired behavior of
services or user applications on a system call level and
are enforced to prevent operations that are not explicitly
permitted. We show that Systrace is efficient and
does not impose significant performance penalties.
%0 Journal Article
%1 systrace2003
%A Provos, Niels
%D 2003
%J 12th USENIX Security Symposium
%K security sysadmin systrace
%P 15
%T Improving Host Security with System Call Policies
%U http://niels.xtdnet.nl/papers/systrace.pdf
@article{systrace2003,
added-at = {2007-03-17T18:20:29.000+0100},
author = {Provos, Niels},
biburl = {https://www.bibsonomy.org/bibtex/2d13fa28ad1e0af5beb8e83b469bb663b/mobileink},
description = {systrace},
interhash = {66773f1af8034d56b42008c345b994fd},
intrahash = {d13fa28ad1e0af5beb8e83b469bb663b},
journal = {12th USENIX Security Symposium},
keywords = {security sysadmin systrace},
month = {August},
pages = 15,
timestamp = {2007-03-17T18:20:29.000+0100},
title = {Improving Host Security with System Call Policies},
url = {http://niels.xtdnet.nl/papers/systrace.pdf},
year = 2003
}