Sandboxing Adoption in Open Source Ecosystems
- URL: http://arxiv.org/abs/2405.06447v2
- Date: Mon, 13 May 2024 17:14:14 GMT
- Title: Sandboxing Adoption in Open Source Ecosystems
- Authors: Maysara Alhindi, Joseph Hallett
- Abstract summary: This study looks at the use of sandboxing mechanisms in four open-source operating systems.
It reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation.
It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.
- Score: 0.8594140167290099
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it's not clear how much and in what ways developers are using these mechanisms. This study looks at the use of Seccomp, Landlock, Capsicum, Pledge, and Unveil in all packages of four open-source operating systems. We found that less than 1% of packages directly use these mechanisms, but many more indirectly use them. Examining how developers apply these mechanisms reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.
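As an added illustration of one of the mechanisms the abstract names, Seccomp, the following C program is editor-supplied example code, not code from the paper or from any of the packages it surveys. It installs a syscall allow-list filter of the strict form a least-privilege sandbox calls for: the filter pins the syscall ABI, the process sets no_new_privs first, only the listed syscalls proceed, and everything else kills the process. The four-entry allow-list, the two probe functions and the /etc/passwd path are assumptions chosen for the demonstration; the filter is installed in a forked child so the parent can observe the SIGSYS kill rather than being killed itself.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: built and run on Linux x86-64 or aarch64; the filter pins the
 * syscall ABI to the one it was written for. */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only covers x86-64 and aarch64"
#endif

/* Older headers predate the whole-process kill action; fall back to the
 * thread kill. */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Two BPF instructions: if nr == (nr) return ALLOW, else fall through. */
#define ALLOW_SYSCALL(nr)                                   \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1),        \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install an allow-list filter on the calling thread. Only the listed
 * syscalls proceed; anything else kills the process with SIGSYS.
 * Returns 0 on success, -1 (errno set) if no_new_privs or the filter
 * could not be set. */
int install_allowlist_filter(void)
{
    struct sock_filter filter[] = {
        /* Refuse any other syscall ABI (e.g. 32-bit compat), where the
         * same numbers mean different syscalls. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and walk the allow-list (an assumed set
         * chosen for this demonstration). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(__NR_getpid),
        ALLOW_SYSCALL(__NR_write),
        ALLOW_SYSCALL(__NR_exit),
        ALLOW_SYSCALL(__NR_exit_group),
        /* Default deny. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };

    /* An unprivileged process may only install a filter once no_new_privs
     * is set, so the filter cannot be used to confuse a later setuid exec. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Run probe() in a forked child under the filter so a kill does not take
 * the caller down. Returns 0 if the child exited cleanly, the terminating
 * signal number if the kernel killed it, -111 if the filter could not be
 * installed, and -1 on fork/wait errors. */
int run_sandboxed(void (*probe)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_allowlist_filter() != 0)
            _exit(111);
        probe();
        _exit(0); /* exit_group: on the allow-list */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? 0 : -WEXITSTATUS(status);
    return -1;
}

/* Allowed: getpid is on the list, so the child runs on to _exit. */
void probe_allowed(void)
{
    (void)syscall(__NR_getpid);
}

/* Forbidden: openat is not on the list; the kernel kills the child with
 * SIGSYS before the file is touched (the path is a constructed example). */
void probe_forbidden(void)
{
    (void)syscall(__NR_openat, AT_FDCWD, "/etc/passwd", O_RDONLY);
}

int main(void)
{
    printf("allowed probe   -> %d (0 = exited normally)\n", run_sandboxed(probe_allowed));
    printf("forbidden probe -> %d (SIGSYS = %d)\n", run_sandboxed(probe_forbidden), SIGSYS);
    return 0;
}
```

Build with a plain `cc seccomp_demo.c -o seccomp_demo` on Linux. The arch check and the default-kill action are the parts that tend to be dropped when a filter is simplified; without the former a different ABI can reach syscalls by a renumbered path, and replacing the latter with a short denylist silently admits every syscall the author did not think of. Real software usually generates the BPF with libseccomp rather than by hand, but the shape of the resulting program is the same.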
Related papers
- Threadbox: Sandboxing for Modular Security [0.8594140167290099]
Threadbox is a sandboxing mechanism that enables having modular and independent sandboxes.
We present case studies to illustrate the applicability of the idea and discuss its limitations.
arXiv Detail & Related papers (2025-06-30T10:04:38Z) - Playing in the Sandbox: A Study on the Usability of Seccomp [0.8594140167290099]
We report a usability trial with 7 experienced Seccomp developers exploring how they approached sandboxing an application.
We highlight many challenges of using Seccomp, the sandboxing designs by the participants, and what developers think would make it easier for them to sandbox applications effectively.
arXiv Detail & Related papers (2025-06-11T23:27:16Z) - A Dictionary of Closed-Form Kernel Mean Embeddings [48.67713382782237]
We provide a comprehensive dictionary of known kernel mean embeddings, along with practical tools for deriving new embeddings from known ones.
We also provide a Python library that includes minimal implementations of the embeddings.
arXiv Detail & Related papers (2025-04-26T07:33:30Z) - Using Mechanistic Interpretability to Craft Adversarial Attacks against Large Language Models [1.6112718683989882]
We introduce a novel white-box approach for creating adversarial perturbations against LLMs.
We first identify acceptance subspaces - sets of feature vectors that do not trigger the model's refusal mechanisms.
We then use gradient-based optimization to reroute embeddings from refusal subspaces to acceptance subspaces, effectively achieving jailbreaks.
arXiv Detail & Related papers (2025-03-08T16:29:45Z) - A Systematic Literature Review on Automated Exploit and Security Test Generation [14.528323751981794]
We identify a list of exploit generation techniques from literature and group them into four categories: automated exploit generation, security testing, fuzzing, and other techniques.
Most of the techniques focus on the memory-based vulnerabilities in C/C++ programs and web-based injection vulnerabilities in PHP and Java applications.
arXiv Detail & Related papers (2025-02-07T14:19:56Z) - SoK: Understanding zk-SNARKs: The Gap Between Research and Practice [12.706199263238192]
We provide a comprehensive study of zk-SNARK, from theory to practice, pinpointing gaps and limitations.
We first present a master recipe that unifies the main steps in converting a program into a zk-SNARK.
We survey over 40 zk-SNARKs since 2013 and provide a reference table listing their categories and properties.
arXiv Detail & Related papers (2025-02-04T15:06:58Z) - Fundamental Risks in the Current Deployment of General-Purpose AI Models: What Have We (Not) Learnt From Cybersecurity? [60.629883024152576]
Large Language Models (LLMs) have seen rapid deployment in a wide range of use cases.
OpenAIs Altera are just a few examples of increased autonomy, data access, and execution capabilities.
These methods come with a range of cybersecurity challenges.
arXiv Detail & Related papers (2024-12-19T14:44:41Z) - OpenViewer: Openness-Aware Multi-View Learning [22.31635020800168]
Multi-view learning methods leverage multiple data sources to enhance perception by mining correlations across views.
Deploying these models in real-world scenarios presents two primary openness challenges.
We propose OpenViewer, an openness-aware multi-view learning framework with theoretical support.
arXiv Detail & Related papers (2024-12-17T06:54:54Z) - Jailbreak Attacks and Defenses against Multimodal Generative Models: A Survey [50.031628043029244]
Multimodal generative models are susceptible to jailbreak attacks, which can bypass built-in safety mechanisms and induce the production of potentially harmful content.
This survey reviews jailbreak and defense in multimodal generative models.
arXiv Detail & Related papers (2024-11-14T07:51:51Z) - SoK: An Essential Guide For Using Malware Sandboxes In Security Applications: Challenges, Pitfalls, and Lessons Learned [9.24505310582519]
This paper systematizes 84 representative papers for using x86/64 malware sandboxes in the academic literature.
We propose a novel framework to simplify sandbox components and organize the literature to derive practical guidelines for using sandboxes.
arXiv Detail & Related papers (2024-03-24T21:41:41Z) - Open-world Machine Learning: A Review and New Outlooks [83.6401132743407]
This paper aims to provide a comprehensive introduction to the emerging open-world machine learning paradigm.
It aims to help researchers build more powerful AI systems in their respective fields, and to promote the development of artificial general intelligence.
arXiv Detail & Related papers (2024-03-04T06:25:26Z) - Finding Software Vulnerabilities in Open-Source C Projects via Bounded Model Checking [2.9129603096077332]
We advocate that bounded model-checking techniques can efficiently detect vulnerabilities in general software systems.
We have developed and evaluated a methodology to verify large software systems using a state-of-the-art bounded model checker.
arXiv Detail & Related papers (2023-11-09T11:25:24Z) - Refined Mechanism Design for Approximately Structured Priors via Active Regression [50.71772232237571]
We consider the problem of a revenue-maximizing seller with a large number of items for sale to $n$ strategic bidders.
It is well-known that optimal and even approximately-optimal mechanisms for this setting are notoriously difficult to characterize or compute.
arXiv Detail & Related papers (2023-10-11T20:34:17Z) - Weakening Assumptions for Publicly-Verifiable Deletion [79.61363884631021]
We develop a simple compiler that generically adds publicly-verifiable deletion to a variety of cryptosystems.
Our compiler only makes use of one-way functions.
arXiv Detail & Related papers (2023-04-19T17:51:28Z) - OpenGridGym: An Open-Source AI-Friendly Toolkit for Distribution Market Simulation [6.545664750394246]
OpenGridGym is an open-source Python-based package that allows for seamless integration of distribution market simulation with state-of-the-art artificial intelligence (AI) decision-making algorithms.
Four modules are used in any simulation: (1) the physical grid, (2) market mechanisms, (3) a set of trainable agents which interact with the former two modules, and (4) an environment module that connects and coordinates the above three.
Case studies are presented to illustrate the capability and potential of this toolkit in helping researchers address key design and operational questions in distribution electricity markets.
arXiv Detail & Related papers (2022-03-06T07:03:05Z) - CoreDiag: Eliminating Redundancy in Constraint Sets [68.8204255655161]
We present a new algorithm which can be exploited for the determination of minimal cores (minimal non-redundant constraint sets).
The algorithm is especially useful for distributed knowledge engineering scenarios where the degree of redundancy can become high.
In order to show the applicability of our approach, we present an empirical study conducted with commercial configuration knowledge bases.
arXiv Detail & Related papers (2021-02-24T09:16:10Z) - Towards Utility-based Prioritization of Requirements in Open Source Environments [51.65930505153647]
We show how utility-based prioritization approaches can be used to support contributors in conventional and open source Requirements Engineering scenarios.
As an example, we show how dependencies can be taken into account in utility-based prioritization processes.
arXiv Detail & Related papers (2021-02-17T09:05:54Z) - Reinforcement Learning of Sequential Price Mechanisms [24.302600030585275]
We introduce the use of reinforcement learning for indirect mechanisms, working with the existing class of sequential price mechanisms.
We show that our approach can learn optimal or near-optimal mechanisms in several experimental settings.
arXiv Detail & Related papers (2020-10-02T19:57:25Z) - Blackbox Trojanising of Deep Learning Models: Using non-intrusive network structure and binary alterations [0.0]
This research explores a novel blackbox trojanising approach using a simple network structure modification to any deep learning image classification model.
It highlights the importance of providing sufficient safeguards to these models so that the intended good of AI innovation and adoption may be protected.
arXiv Detail & Related papers (2020-08-02T06:33:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.