Translating Security Policy to Executable Code for Sandboxing Linux Kernel

摘要

Model based intrusion detection mechanisms have produced encouraging results for reduced false alarms. This paper extends our earlier work, where we reported for sandboxing Linux 2.6 using code generated from policies. Here we pursue the problem of code generation from a set of policies extracted from a domain model. Such a technique can support the safeguarding of system resources. We also present some of the features of the tool currently under development to automate the sandboxing process.