System Call Sandboxing

Patałuch, J.J.

System Call Sandboxing

Analysis of PWD and NGINX system call policy generation using dynamic and static techniques

Bachelor thesis (2024)

Authors

J.J. Patałuch Electrical Engineering, Mathematics and Computer Science

Contributors

Alexios Voulimeneas Cyber Security - (mentor)

Przemysław Pawełczak Embedded Systems - (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

Syscall Sysfilter Chestnut Strace Nginx Pwd

To reference this document use:

http://resolver.tudelft.nl/uuid:cad585d8-5f4c-4a48-9e23-802c83b17c33

More Info

expand_more

Published Date

27-06-2024

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

System call sandboxing represents a pivotal security measure in the contemporary digital landscape, where reducing the attack surface of applications is crucial to mitigate potential cyber threats. This paper investigates the efficacy of static versus dynamic system call filtering techniques across different execution phases of selected applications, namely PWD and NGINX. Employing automated tools such as sysfilter, and chestnut, we collected comprehensive data through strace to delineate essential system calls required for each application phase. Our analysis compares these results with the policies generated by the automated tools, providing insights into the strengths and limitations of static and dynamic sandboxing methodologies. This study ultimately seeks to refine system call policies and balance robust security with necessary application functionality.

Files

BSc_Thesis_JJ_PATALUCH.pdf

(pdf | 0.181 Mb)

Unknown license