The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls
Journal article   Open access   Peer reviewed


Z.C. Schreuders, T. McGill and C. Payne
Computers & Security, Vol.32, pp.219-241
2013
PDF: application_restrictions_and_sandboxes.pdf (author's version, open access)
URL: Link to Published Version (subscription may be required)

Abstract

Under most widely-used security mechanisms the programs users run possess more authority than is strictly necessary, with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day') malware and software vulnerabilities, as processes can misuse a user's privileges to behave maliciously. Application restrictions and sandboxes can mitigate threats that traditional approaches to access control fail to prevent by limiting the authority granted to each process. This developing field has become an active area of research, and a variety of solutions have been proposed. However, despite the seriousness of the problem and the security advantages these schemes provide, practical obstacles have restricted their adoption. This paper describes the motivation for application restrictions and sandboxes, presenting an in-depth review of the literature covering existing systems. This is the most comprehensive review of the field to date. The paper outlines the broad categories of existing application-oriented access control schemes, such as isolation and rule-based schemes, and discusses their limitations. Adoption of these schemes has arguably been impeded by workflow, policy complexity, and usability issues. The paper concludes with a discussion on areas for future work, and points a way forward within this developing field of research with recommendations for usability and abstraction to be considered to a further extent when designing application-oriented access controls.

Details

Metrics

2116 file views/downloads
213 record views

InCites Highlights

These are selected metrics from the InCites Benchmarking & Analytics tool related to this output.

Collaboration types: Domestic collaboration; International collaboration
Citation topics: 4 Electrical Engineering, Electronics & Computer Science; 4.187 Security Systems; 4.187.1404 Malware Detection
Web of Science research areas: Computer Science, Information Systems
ESI research areas: Computer Science