Secure Coding mailing list archives

Re: Re: Application Sandboxing, communication limiting, etc.

From: Crispin Cowan <crispin () immunix com>
Date: Sat, 13 Mar 2004 13:40:53 +0000


Jose Nazario wrote:


SELinux. LIDS. systrace (Linux, BSD, MacOS X). a few things on FreeBSD i
can't recall.

SubDomain predates all of these except for SELinux (which has roots that 
go back nearly 20 years) and LIDS got design elements from SubDomain.


To be fair, similar designs pre-dating SubDomain include Janus 
(Goldberg, Wagner, et al, USENIX Security 1996) and TRON (Berman et al, 
USENIX Winter Conference 1995).



i dont know what exists for the average user on Windows at the application
level,

Long ago, Aladdin's "eSafe" product included a desktop component that 
controlled what resources a given application could access. More 
recently, "personal firewall" products like Zone Alarm have included 
that kind of functionality.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/

Current thread:

RE: Opinion re an interesting article on Linux security in Linux Journal, (continued)
- - - RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
    - Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
  - Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
  - Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
    - Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 16)
    - Re: Comparison of SubDomain, SELinux and systrace Jared W. Robinson (Mar 16)
  - Re: Opinion re an interesting article on Linux security in Linux Journal Martin Stricker (Mar 11)