New tool automates popular system security technique

By | November 18, 2020
illustration of sandbox with shovel over computer code background
(The Michigan Engineer)

Working with researchers from the University of Texas at Austin, Xinyu Wang, assistant professor of electrical engineering and computer science, co-authored an award-winning paper that demonstrates how to automatically build sandboxing policies to keep a computer system safe. Sandboxing is a software management strategy that isolates applications from critical system resources and other programs.

One common sandbox approach is to restrict which system calls different applications can make. Different operating systems have built-in tools to define policies for system calls, specifying which access patterns are allowed.

However, manually constructing policies is time-consuming and prone to errors. To make these security practices more accessible, Wang and collaborators developed a technique to automatically construct system call policies for an application.