190 likes | 327 Views
University of Notre Dame CSE 60641. User-Level Sandboxing with FUSE. Brandon Rich Andrew Blaich. Problem. Protect the file system from abuse. Guiding Principles: Transparency Isolation User input. Solution. System Call Interposition Intercept Analyze Re-route and log activity
E N D
University of Notre DameCSE 60641 User-Level Sandboxing with FUSE Brandon RichAndrew Blaich
Problem • Protect the file system from abuse. • Guiding Principles: • Transparency • Isolation • User input
Solution • System Call Interposition • Intercept • Analyze • Re-route and log activity • Return • Post-execution commit • Using log and execution cache
Components • FUSE • Syscall interposition (free) • Logger • Sandbox • Whole-file copy • Virtual File List • Commit process • Uses log and .sandbox files
3 Cases: 1) Writing a new file2) Writing an existing file3) Reading System-Call USER-Space log call in: log.log OpenReadWriteClose FUSE Kernel /tmp file1.txt file1.txt.sandbox file2.doc
Sandboxing Deletes • No deletes ever take place • VFL entry can be designated “deleted” • Version numbers keep track of future generations of a file
Performance Evaluation • Tests • Andrew Benchmark • Chirp Benchmark • Custom Benchmarks • Three Environments • Unmodified ext3 file system • “Clean” FUSE • Sandboxing FUSE
Andrew Benchmark (Compile Phase 5: Am-utils)
Overhead of Logging vs Sandboxing Chirp Benchmark
Conclusions • System call interposition at the user level is expensive • Disk-based caching is simple but robust • Our approach is effective but could be improved