Playing in the Sandbox: A Study on the Usability of Seccomp
- URL: http://arxiv.org/abs/2506.10234v1
- Date: Wed, 11 Jun 2025 23:27:16 GMT
- Authors: Maysara Alhindi, Joseph Hallett
- Abstract summary: We report a usability trial with 7 experienced Seccomp developers exploring how they approached sandboxing an application. We highlight many challenges of using Seccomp, the sandboxing designs by the participants, and what developers think would make it easier for them to sandbox applications effectively.
- Score: 0.8594140167290099
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Sandboxing restricts what applications do, and prevents exploited processes being abused; yet relatively few applications get sandboxed: why? We report a usability trial with 7 experienced Seccomp developers exploring how they approached sandboxing an application and the difficulties they faced. The developers each approached sandboxing the application differently and each came to different solutions. We highlight many challenges of using Seccomp, the sandboxing designs by the participants, and what developers think would make it easier for them to sandbox applications effectively.
Related papers
- Quantifying Frontier LLM Capabilities for Container Sandbox Escape [1.6245103041408155]
  Large language models (LLMs) increasingly act as autonomous agents, using tools to execute code, read and write files, and access networks. To mitigate these risks, agents are commonly deployed and evaluated in isolated "sandbox" environments. We introduce SANDBOXESCAPEBENCH, an open benchmark that safely measures an LLM's capacity to break out of these sandboxes.
  (2026-03-01T22:47:39Z)
- LLM-in-Sandbox Elicits General Agentic Intelligence [142.7174116109795]
  We introduce LLM-in-Sandbox, enabling LLMs to explore within a code sandbox (i.e., a virtual computer) to elicit general intelligence in non-code domains. We show that strong LLMs, without additional training, exhibit generalization capabilities to leverage the code sandbox for non-code tasks. Experiments demonstrate that LLM-in-Sandbox, in both training-free and post-trained settings, achieves robust generalization spanning mathematics, physics, chemistry, biomedicine, long-context understanding, and instruction following.
  (2026-01-22T18:57:09Z)
- AutoCode: LLMs as Problem Setters for Competitive Programming [94.71566758494787]
  We introduce AutoCode, which uses multiple rounds of validation to yield competition-grade problem statements and test cases. On held-out problems, AutoCode test suites approach 99% consistency with official judgments.
  (2025-09-29T17:59:03Z)
- SandCell: Sandboxing Rust Beyond Unsafe Code [14.279471205248532]
  Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. Various approaches for isolating unsafe code to protect safe Rust from vulnerabilities have been proposed. This paper presents SandCell for flexible and lightweight isolation in Rust by leveraging existing syntactic boundaries.
  (2025-09-28T19:01:51Z)
- Threadbox: Sandboxing for Modular Security [0.8594140167290099]
  Threadbox is a sandboxing mechanism that enables having modular and independent sandboxes. We present case studies to illustrate the applicability of the idea and discuss its limitations.
  (2025-06-30T10:04:38Z)
- WildTeaming at Scale: From In-the-Wild Jailbreaks to (Adversarially) Safer Language Models [66.34505141027624]
  We introduce WildTeaming, an automatic LLM safety red-teaming framework that mines in-the-wild user-chatbot interactions to discover 5.7K unique clusters of novel jailbreak tactics. WildTeaming reveals previously unidentified vulnerabilities of frontier LLMs, resulting in up to 4.6x more diverse and successful adversarial attacks.
  (2024-06-26T17:31:22Z)
- Multi-Player Approaches for Dueling Bandits [58.442742345319225]
  We show that the direct use of a Follow Your Leader black-box approach matches the lower bound for this setting. We also analyze a message-passing fully distributed approach with a novel Condorcet-winner recommendation protocol.
  (2024-05-25T10:25:48Z)
- Sandboxing Adoption in Open Source Ecosystems [0.8594140167290099]
  This study looks at the use of sandboxing mechanisms in four open-source operating systems. It reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.
  (2024-05-10T12:52:46Z)
- Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments [7.753621963239778]
  We investigate the possibility of fingerprinting containers through CPU frequency reporting sensors in Intel and AMD CPUs. We demonstrate that Docker images exhibit a unique frequency signature, enabling the distinction of different containers with up to 84.5% accuracy. Our empirical results show that these attacks can also be carried out successfully against all of these sandboxes in less than 40 seconds.
  (2024-04-16T16:45:47Z)
- On the Feasibility of CubeSats Application Sandboxing for Space Missions [2.3428299074204157]
  This paper details our journey in designing and selecting a suitable application sandboxing mechanism for a satellite under development. Central to our study is the development of selection criteria for sandboxing and assessing its appropriateness for our satellite payload. We also test our approach on two already operational satellites, Suchai and SALSAT, to validate its effectiveness.
  (2024-04-05T14:23:49Z)
- SoK: An Essential Guide For Using Malware Sandboxes In Security Applications: Challenges, Pitfalls, and Lessons Learned [9.24505310582519]
  This paper systematizes 84 representative papers for using x86/64 malware sandboxes in the academic literature. We propose a novel framework to simplify sandbox components and organize the literature to derive practical guidelines for using sandboxes.
  (2024-03-24T21:41:41Z)
- An Exploratory Study on the Evidence of Hackathons' Role in Solving OSS Newcomers' Challenges [54.56931759953522]
  We aim to understand and discuss the challenges newcomers face when joining an OSS project. We collect evidence on how hackathons were used to address those challenges.
  (2023-05-16T15:40:19Z)
- DIAMBRA Arena: a New Reinforcement Learning Platform for Research and Experimentation [91.3755431537592]
  This work presents DIAMBRA Arena, a new platform for reinforcement learning research and experimentation. It features a collection of high-quality environments exposing a Python API fully compliant with OpenAI Gym standard. They are episodic tasks with discrete actions and observations composed by raw pixels plus additional numerical values.
  (2022-10-19T14:39:10Z)
- Differentiable Open-Ended Commonsense Reasoning [80.94997942571838]
  We study open-ended commonsense reasoning (OpenCSR) using as a resource only a corpus of commonsense facts written in natural language. As an approach to OpenCSR, we propose DrFact, an efficient Differentiable model for multi-hop Reasoning over knowledge Facts.
  (2020-10-24T10:07:00Z)
- Competing Bandits: The Perils of Exploration Under Competition [99.68537519404727]
  We study the interplay between exploration and competition on online platforms. We find that stark competition induces firms to commit to a "greedy" bandit algorithm that leads to low welfare. We investigate two channels for weakening the competition: relaxing the rationality of users and giving one firm a first-mover advantage.
  (2020-07-20T14:19:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.