For my final year dissertation, I worked on a project to determine different methods of sandboxing GNU/Linux applications. The below extract is the abstract:
With GNU/Linux distributions gaining adoption, they are becoming more of a lucrative target for hackers. By either targeting existing software, or running their own applications, crackers are putting users increasingly at risk.
Therefore, it is becoming more important to sandbox applications from one another in the interest of security and privacy. Sandboxing should restrict the application from performing any tasks outside their normal working behaviour, and any attempts to overreach will be denied.
This report evaluates the ways that such a system could be comprised by researching a number of different approaches for sandboxing applications. I will follow a natural progression in technical complexity in order to increase my understanding of these different methods and of sandboxing in general. The final deliverable of this project is a conclusion as to which of the researched system(s) should be used as part of such an application sandboxing system.
This project was built using the following technologies:
- C: A general-purpose, imperative programming language.