Sandbox System Call API for Linux


This project was created by me (Dave Peterson) while I was a graduate student in Computer Science at the University of California, Davis. It served as my master's thesis. The goals were to design a system call API that serves as a simple yet powerful mechanism for confining untrusted programs, and to develop a prototype implementation for performance evaluation.

I finished working on the project in late 2002 and submitted my master's thesis in early 2003. Since then I have left the university and taken a software development job in the San Francisco Bay Area. Although I no longer work on the project, the code is available for download. The prototype is mostly finished. However, the code needs a good deal of cleanup and privilege checking kernel hooks are present in only a limited number of places. Anyone who is interested in picking up where I left off is welcome to do so.

Design Overview

The sandbox system call API is conceptually similar to chroot() and BSD jails. However, it has much greater flexibility and expressive power. Here are some of its key features: My master's thesis provides a more complete description of the design and its its motivations.

Future Work

My master's thesis provides a detailed discussion of ideas for future improvements. Below are brief high-level descriptions of a couple of ideas:


Currently, the best documentation available is my master's thesis [PDF] [PS] [BIBTEX]. There is also a paper [PDF] [PS] [HTML] [BIBTEX] that I presented at the 11th USENIX Security Symposium in San Francisco (August 5-9, 2002).

Obtaining the Code

Click here to obtain the source code.

Contact Information

My email address is dave at dspeterson dot com. Logo Home