
Sandboxing Adoption in Open Source Ecosystems (2405.06447v2)

Published 10 May 2024 in cs.SE and cs.CR

Abstract: Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it's not clear how much and in what ways developers are using these mechanisms. This study looks at the use of Seccomp, Landlock, Capsicum, Pledge, and Unveil in all packages of four open-source operating systems. We found that less than 1% of packages directly use these mechanisms, but many more indirectly use them. Examining how developers apply these mechanisms reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.

