
The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Schreuders, Z.C., McGill, T. and Payne, C. (2013) The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls. Computers & Security, 32, pp. 219-241.

    Link to Published Version: http://dx.doi.org/10.1016/j.cose.2012.09.007
    *Subscription may be required

    Abstract

    Under most widely-used security mechanisms the programs users run possess more authority than is strictly necessary, with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day') malware and software vulnerabilities, as processes can misuse a user's privileges to behave maliciously. Application restrictions and sandboxes can mitigate threats that traditional approaches to access control fail to prevent by limiting the authority granted to each process. This developing field has become an active area of research, and a variety of solutions have been proposed. However, despite the seriousness of the problem and the security advantages these schemes provide, practical obstacles have restricted their adoption. This paper describes the motivation for application restrictions and sandboxes, presenting an in-depth review of the literature covering existing systems. This is the most comprehensive review of the field to date. The paper outlines the broad categories of existing application-oriented access control schemes, such as isolation and rule-based schemes, and discusses their limitations. Adoption of these schemes has arguably been impeded by workflow, policy complexity, and usability issues. The paper concludes with a discussion on areas for future work, and points a way forward within this developing field of research with recommendations for usability and abstraction to be considered to a further extent when designing application-oriented access controls.

    Publication Type: Journal Article
    Murdoch Affiliation: School of Information Technology
    Publisher: Elsevier Limited
    Copyright: © 2012 Elsevier Ltd.
    URI: http://researchrepository.murdoch.edu.au/id/eprint/12118