Abstract
Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it’s not clear how much and in what ways developers are using these mechanisms. This study looks at the use of Seccomp, Landlock, Capsicum, Pledge, and Unveil in all packages of four open-source operating systems. We found that less than 1% of packages directly use these mechanisms, but many more indirectly use them. Examining how developers apply these mechanisms reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.
Original language | English |
---|---|
Title of host publication | SESoS '24 |
Subtitle of host publication | Proceedings of the 12th ACM/IEEE International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems |
Publisher | Association for Computing Machinery (ACM) |
Pages | 13-20 |
Number of pages | 8 |
ISBN (Electronic) | 9798400705571 |
ISBN (Print) | 979840070557 |
DOIs | |
Publication status | E-pub ahead of print - 6 Aug 2024 |
Event | SESoS - ICSE 2024: 12th ACM/IEEE International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems - Lisbon, Portugal, Lisbon, Portugal Duration: 14 Apr 2024 → 20 Apr 2024 Conference number: 12th https://conf.researchr.org/home/icse-2024/sesos-2024 |
Workshop
Workshop | SESoS - ICSE 2024 |
---|---|
Abbreviated title | SESoS |
Country/Territory | Portugal |
City | Lisbon |
Period | 14/04/24 → 20/04/24 |
Internet address |
Bibliographical note
Publisher Copyright:© 2024 Copyright is held by the owner/author(s).
Structured keywords
- Cyber Security
Keywords
- Sandboxing
- Operating systems
- Security Mechanisms
- Software Ecosystems
- Sandbox
- Security and human factors