CFP last date
20 January 2025
Reseach Article

An Application Sandbox Model based on Partial Virtualization of Hard-Disk and a Possible Windows Implementation

by Jasmeet Singh, Khalid Hussain, Akshat Aggrawal
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 57 - Number 7
Year of Publication: 2012
Authors: Jasmeet Singh, Khalid Hussain, Akshat Aggrawal
10.5120/9126-3293

Jasmeet Singh, Khalid Hussain, Akshat Aggrawal . An Application Sandbox Model based on Partial Virtualization of Hard-Disk and a Possible Windows Implementation. International Journal of Computer Applications. 57, 7 ( November 2012), 16-21. DOI=10.5120/9126-3293

@article{ 10.5120/9126-3293,
author = { Jasmeet Singh, Khalid Hussain, Akshat Aggrawal },
title = { An Application Sandbox Model based on Partial Virtualization of Hard-Disk and a Possible Windows Implementation },
journal = { International Journal of Computer Applications },
issue_date = { November 2012 },
volume = { 57 },
number = { 7 },
month = { November },
year = { 2012 },
issn = { 0975-8887 },
pages = { 16-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume57/number7/9126-3293/ },
doi = { 10.5120/9126-3293 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:59:49.334810+05:30
%A Jasmeet Singh
%A Khalid Hussain
%A Akshat Aggrawal
%T An Application Sandbox Model based on Partial Virtualization of Hard-Disk and a Possible Windows Implementation
%J International Journal of Computer Applications
%@ 0975-8887
%V 57
%N 7
%P 16-21
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The proposed concept is of an Application Sandbox Model that restricts any malicious code from making changes to the actual system hard-disk by using a counterfeit Virtual Hard-Disk. The applications initiated using this Sandbox are allowed to read any file from the real hard disk but when they need to make changes(write) to any file then the Sandbox copies that file from the real hard disk to a Virtual Hard-Disk Space and then makes changes to this counterfeit copy of the file. For every future access request (read or write) of the same file only this counterfeit copy shall be referred. In this way it both ensures the normal & complete execution of the application initiated using the Sandbox and simultaneously protects the real hard disk file system from any potentially harmful changes. This paper discusses about the concept, design and a possible Windows Implementation of such an Application Sandbox Model.

References
  1. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, "Efficient software-based fault isolation," in Proceedings of the Symposium on Operating System Principles, 1993.
  2. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer, "A secure environment for untrusted helper applications: confining the wily 34505 hacker," in Proceedings of the 1996 USENIX Security Symposium, 1996.
  3. N. Provos, "Improving host security with system call policies," in Proceedings of the 12th USENIX Security Symposium, pp. 257-273, August 2003.
  4. A. Kurchuk and A. D. Keromytis, "Recursive sandboxes: extending systrace to empower applications," in SEC, pp. 473-488, August 2004.
  5. S. Miwa, T. Miyachi, and M. Eto, "Design and implementation of an isolated sandbox with mimetic internet used to analyze malwares," in Proceedings of the DETER Community Workshop on Cyber-Security and Test, 2007.
  6. T. Khatiwala, R. Swaminathan, and V. N. Venkatakrishnan, "Data sandboxing: a technique for enforcing confidentiality policies," in Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 223-234, 2006.
  7. T. Garfinkel, B. Pfaff, and M. Rosenblum, "Ostia: a delegating architecture for secure system call interposition," in Proceedings of the 11th Annual Symposium on Network and Distributed System Security, February 2004.
  8. Y. Oyama, K. Onoue, and A. Yonezawa, "Speculative security checks in sandboxing systems," in Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium, April 2005.
  9. T. Shioya, Y. Oyama, and H. Iwasaki, "A sandbox with a dynamic policy based on execution contexts of applications," ASIAN' 2007, pp. 297-311, 2007.
  10. Zhen Li, Jun-Feng Tian, Feng-Xian Wang, "Sandbox System Based on Role and Virtualization", 2009 International Symposium on Information Engineering and Electronic Commerce, pp. 342-246.
  11. Jeffrey Richter, Christophe Nasarre, "Windows via C/C++", Microsoft Press, WB Publisher, India, 2008.
  12. Mark E. Russinovich, David A. Solomon, Alex Lonescu, "Windows Internals 5th Edition", Microsoft Press, WB Publisher, India, 2009.
Index Terms

Computer Science
Information Sciences

Keywords

Virtualization sandboxing security system calls interception Input/output Request Packet virtual hard-disk