The following paper was originally published in the Proceedings of the Sixth USENIX UNIX Security Symposium San Jose, California, July 1996. A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker) Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer Computer Science Division University of California, Berkeley For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email:
[email protected] 4. WWW URL: http://www.usenix.org A Secure Environment for Untruste d Help er Applications Con ningtheWilyHacker Ian Goldb erg David Wagner Randi Thomas Er ic A. Brewer fiang,daw,randit,
[email protected] University of California, Berkeley cious programs to spawn pro ce ss e s andto read or Ab stract wr iteanunsusp ecting us er's le s [15,18,19,34,36]. Whatisnee ded in thi s new environment, then, i s Manypopular programs, suchasNetscap e, us e un- protection for all re source s on a us er's system f rom trusted help er applications to pro ce ss data f rom the thi s threat. network. Unfortunately,theunauthenticated net- workdatathey interpret could well have b een cre- Our aim i s tocon netheuntrusted software anddata ated byanadversary,andthehelp er applications are by monitor ingand re str ictingthe system calls it p er- 1 usually to o complex to b e bug-f ree. Thi s rai s e s s ig- forms. We builtJanus , a s ecure environment for ni cant s ecur ity concer ns. Therefore, it i s de s irable untrusted help er applications, bytaking advantage to create a s ecure environmenttocontain untrusted of the Solar i s pro ce ss tracing f acility.