Systrace

A tool that enforces system call policies for applications by constraining the application's access to the system.

Systrace Ranking & Summary


  • License: BSD License
  • Price: FREE
  • Publisher Name: Niels Provos
  • Publisher web site: http://monkey.org/~provos/scanssh/

Systrace Description

A tool that enforces system call policies for applications by constraining the application's access to the system. The policy is generated interactively. Operations not covered by the policy raise an alarm, allowing a user to refine the currently configured policy.

For complicated applications, it is difficult to know the correct policy before running them. Initially, Systrace notifies the user about all system calls that an application tries to execute. The user configures a policy for the specific system call that caused the warning. After a few minutes, a policy is generated that allows the application to run without any warnings. However, events that are not covered still generate a warning. Normally, that is an indication of a security problem. Systrace improves cyber security by providing intrusion prevention.

Alternatively, policies can be learned automatically. In many instances, the automatically learned policies can be used for sandboxing immediately. Sometimes, minimal manual post-processing is necessary.

With Systrace, untrusted binary applications can be sandboxed. Their access to the system can be restricted almost arbitrarily. Sandboxing applications that are available only as binaries is only sensible, as it is not possible to directly analyze what they are designed to do. However, constraining the system calls that large open-source applications are allowed to execute is useful too, as it is very difficult to determine their correctness.

System call arguments can be rewritten dynamically. This effects a virtual chroot for the sandboxed application. It also prevents race conditions in the argument evaluation.

Here are some key features of "Systrace":

  • Confines untrusted binary applications.
  • Interactive Policy Generation with Graphical User Interface.
  • Supports different emulations: GNU/Linux, BSDI, etc.
  • System Call Argument Rewriting.
  • Non-interactive Policy Enforcement.
  • Remote Monitoring and Intrusion Detection.
  • Privilege Elevation: Add-on capabilities.

Requirements:

  • libevent

What's New in This Release:

  • prevent a 32-bit program from mapping in 64-bit system calls; from Chris Evans
  • support 64-bit Linux on ptrace
