{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T13:26:49Z","timestamp":1773322009489,"version":"3.50.1"},"reference-count":56,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCR-0208877CNS-0627687CNS-0551660CNS-0716584"],"award-info":[{"award-number":["CCR-0208877CNS-0627687CNS-0551660CNS-0716584"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CCR-0208877CNS-0627687CNS-0551660CNS-0716584"],"award-info":[{"award-number":["CCR-0208877CNS-0627687CNS-0551660CNS-0716584"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["1.40E+20"],"award-info":[{"award-number":["1.40E+20"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2009,1]]},"abstract":"<jats:p>\n            In this article, we present an approach for realizing a\n            <jats:italic>safe execution environment (SEE)<\/jats:italic>\n            that enables users to \u201ctry out\u201d new software (or configuration changes to existing software) without the fear of damaging the system in any manner. 
A key property of our SEE is that it faithfully reproduces the behavior of applications, as if they were running natively on the underlying (host) operating system. This is accomplished via\n            <jats:italic>one-way isolation:<\/jats:italic>\n            processes running within the SEE are given read-access to the environment provided by the host OS, but their write operations are prevented from escaping outside the SEE. As a result, SEE processes cannot impact the behavior of host OS processes, or the integrity of data on the host OS. SEEs support a wide range of tasks, including: study of malicious code, controlled execution of untrusted software, experimentation with software configuration changes, testing of software patches, and so on. It provides a convenient way for users to inspect system changes made within the SEE. If these changes are not accepted, they can be rolled back at the click of a button. Otherwise, the changes can be committed so as to become visible outside the SEE. We provide consistency criteria that ensure semantic consistency of the committed results. We develop two different implementation approaches, one in\n            <jats:italic>user-land<\/jats:italic>\n            and the other in the\n            <jats:italic>OS kernel<\/jats:italic>\n            , for realizing a safe-execution environment. Our implementation results show that most software, including fairly complex server and client applications, can run successfully within our SEEs. 
It introduces low performance overheads, typically below 10 percent.\n          <\/jats:p>","DOI":"10.1145\/1455526.1455527","type":"journal-article","created":{"date-parts":[[2009,2,4]],"date-time":"2009-02-04T13:01:58Z","timestamp":1233752518000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Alcatraz"],"prefix":"10.1145","volume":"12","author":[{"given":"Zhenkai","family":"Liang","sequence":"first","affiliation":[{"name":"National University of Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weiqing","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Toledo"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V. N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[{"name":"University of Illinois, Chicago"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[{"name":"Stony Brook University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,1]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the USENIX Security Symposium (SECURITY\u201900)","author":"Acharya A."},{"key":"e_1_2_1_2_1","unstructured":"Alcatraz. http:\/\/www.seclab.cs.sunysb.edu\/alcatraz."},{"key":"e_1_2_1_3_1","unstructured":"Bochs. http:\/\/bochs.sourceforge.net."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX\u201903)","author":"Brown A."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the Workshop on Hot Topics in Operating Systems (HotOS\u201901)","author":"Chen P. 
M."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/850927.851820"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the USENIX Technical Conference (USENIX\u201992)","author":"Chutani S."},{"key":"e_1_2_1_8_1","volume-title":"Chakravyuha: A sandbox operating system for the controlled execution of alien code. Tech. rep.","author":"Dan A.","year":"1997"},{"key":"e_1_2_1_9_1","unstructured":"Fakebust. Fakebust a malicious code analyzer. http:\/\/www.derkeiler.com\/Mailing-Lists\/securityfocus\/bugtraq\/2004-09\/0251.html."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the Annual Network & Distributed Systems Security Conference (NDSS\u201903)","author":"Garfinkel T.","year":"2003"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095809.1095826"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the USENIX Security Symposium (SECURITY\u201996)","author":"Goldberg I."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the Annual Network and Distributed System Security (NDSS\u201900)","author":"Jain K."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/784589.784662"},{"key":"e_1_2_1_15_1","volume-title":"Postmark: A new file system benchmark. Tech. rep. 
TR3022","author":"Katcher J.","year":"1997"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the International Symposium on Software Security (ISSS\u201903)","author":"Kato K."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380201304"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the Annual Computer Security Applications Conference (ACSAC\u201903)","author":"Liang Z."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/371090.371091"},{"key":"e_1_2_1_22_1","unstructured":"Lofs. Loop back file system. Unix man page."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.888632"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies (FAST\u201904)","author":"Muniswamy-Reddy K.-K."},{"key":"e_1_2_1_25_1","unstructured":"Ormandy T. An empirical study into the security exposure to hosts of hostile virtualized environments. http:\/\/taviso.decsystem.org\/virtsec.pdf."},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI\u201902)","author":"Osman S."},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the USENIX Technical Conference on UNIX and Advanced Computing Systems (ACS\u201995)","author":"Pendry J.-S.","year":"1995"},{"key":"e_1_2_1_28_1","volume-title":"July","author":"Pendry J. S.","year":"2003"},{"key":"e_1_2_1_29_1","unstructured":"Peterson Z. and Burns R. 2003. Ext3cow: The design implementation and analysis of metadata for a time-shifting file system. Tech. rep. 
HSSL-2003-03 Hopkins Storage Systems Lab Department of Computer Science Johns Hopkins University."},{"key":"e_1_2_1_30_1","unstructured":"Picturepages. Picturepages software. http:\/\/www.canonical.org\/picturepages."},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the International Conference on Dependable Systems and Networks (DSN\u201903)","author":"Pilania D."},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the USENIX Annual Technical Conference: FREENIX Track (USENIX\u201901)","author":"Prevelakis V."},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the 11th USENIX Security Symposium (SECURITY\u201903)","author":"Provos N.","year":"2003"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies (FAST\u201902)","author":"Quinlan S."},{"key":"e_1_2_1_35_1","unstructured":"ROC. Recovery-oriented computing. http:\/\/roc.cs.berkeley.edu."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the USENIX Technical Conference (USENIX\u201991)","author":"Roome W. D.","year":"1991"},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the Workshop on Hot Topics in Operating Systems (HotOS\u201999)","author":"Santry D. 
J."},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the Annual Computer Security Applications Conference (ACSAC\u201902)","author":"Scott K."},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the National Information Systems Security Conference (NISSC\u201998)","author":"Sekar R."},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the USENIX Security Symposium (SECURITY\u201999)","author":"Sekar R."},{"key":"e_1_2_1_41_1","unstructured":"SoftGrid. http:\/\/www.microsoft.com\/systemcenter\/softgrid\/default.mspx."},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies (FAST\u201902)","author":"Soules C."},{"key":"e_1_2_1_43_1","unstructured":"Strace. http:\/\/www.liacs.nl\/~wichert\/strace."},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS\u201905)","author":"Sun W."},{"key":"e_1_2_1_45_1","unstructured":"SVS. Software virtualization solution. http:\/\/www.altiris.com\/Products\/SoftwareVirtualizationSolution.aspx."},{"key":"e_1_2_1_46_1","unstructured":"TFS. Translucent file system. SunOS Reference Manual Sun Microsystems."},{"key":"e_1_2_1_47_1","unstructured":"Tiilikainen T. Rename-them-all linux freeware version. http:\/\/linux.iconet.com.br\/system\/preview\/8622.html."},{"key":"e_1_2_1_49_1","unstructured":"VirtualPC. http:\/\/www.microsoft.com\/windows\/products\/winfamily\/virtualpc\/default.mspx."},
{"key":"e_1_2_1_50_1","unstructured":"VMWare. http:\/\/www.vmware.com."},{"key":"e_1_2_1_51_1","unstructured":"VMware. VMware Converter. http:\/\/www.vmware.com\/products\/converter."},{"key":"e_1_2_1_52_1","unstructured":"Webstone. http:\/\/www.mindcraft.com\/webstone."},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX\u201902)","author":"Whitaker A."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134760.1134766"},{"key":"e_1_2_1_55_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX\u201999)","author":"Zadok E."},{"key":"e_1_2_1_56_1","volume-title":"Data versioning systems. Tech. rep","author":"Zhu N."},{"key":"e_1_2_1_57_1","volume-title":"Proceedings of the International Conference on Dependable Systems and Networks (DSN\u201903)","author":"Zhu N."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455526.1455527","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1455526.1455527","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:18Z","timestamp":1750287258000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455526.1455527"}},"subtitle":["An Isolated Environment for Experimenting with Untrusted 
Software"],"short-title":[],"issued":{"date-parts":[[2009,1]]},"references-count":56,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2009,1]]}},"alternative-id":["10.1145\/1455526.1455527"],"URL":"https:\/\/doi.org\/10.1145\/1455526.1455527","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,1]]},"assertion":[{"value":"2006-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-01-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}