Application Sandboxing for Linux Desktops: A User-friendly Approach
Lukas Brodschelm, Marcus Gelderie
2022
Abstract
Sandboxes are a proven tool to isolate processes from the overall system. Although desktop computers face significant risks, there is no widely adopted way to use sandboxes on Linux desktops, since sandboxing on desktop PCs is more challenging. We name the specific challenges for the Linux desktop and derive requirements that we argue are essential for widespread adoption of any sandbox solution. We then introduce a concept to isolate Linux desktop software using UIDs and GIDs as well as namespace-based sandboxes. Furthermore, we provide a PoC implementation including sandbox profiles for example applications. Based on this, we conducted a survey to assess the usability of our sandboxing concept. We report on the results, analyze the security of our concept, and detail how our sandbox meets the aforementioned requirements.
Paper Citation
in Harvard Style
Brodschelm L. and Gelderie M. (2022). Application Sandboxing for Linux Desktops: A User-friendly Approach. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 317-324. DOI: 10.5220/0011145800003283
in Bibtex Style
@conference{secrypt22,
author={Lukas Brodschelm and Marcus Gelderie},
title={Application Sandboxing for Linux Desktops: A User-friendly Approach},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={317-324},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011145800003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Application Sandboxing for Linux Desktops: A User-friendly Approach
SN - 978-989-758-590-6
AU - Brodschelm L.
AU - Gelderie M.
PY - 2022
SP - 317
EP - 324
DO - 10.5220/0011145800003283