{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:35:19Z","timestamp":1750221319786,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":19,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T00:00:00Z","timestamp":1498176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Tekes - the Finnish Funding Agency","award":["3772\/31\/2014"],"award-info":[{"award-number":["3772\/31\/2014"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,6,23]]},"DOI":"10.1145\/3134302.3134312","type":"proceedings-article","created":{"date-parts":[[2017,11,17]],"date-time":"2017-11-17T14:02:08Z","timestamp":1510927328000},"page":"141-148","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["A Survey on Application Sandboxing Techniques"],"prefix":"10.1145","author":[{"given":"Samuel","family":"Laur\u00e9n","sequence":"first","affiliation":[{"name":"Dept. of Future Technologies, University of Turku, Finland"}]},{"given":"Sampsa","family":"Rauti","sequence":"additional","affiliation":[{"name":"Dept. of Future Technologies, University of Turku, Finland"}]},{"given":"Ville","family":"Lepp\u00e4nen","sequence":"additional","affiliation":[{"name":"Dept. of Future Technologies, University of Turku, Finland"}]}],"member":"320","published-online":{"date-parts":[[2017,6,23]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"358","volume-title":"Internet Technology and Secured Transactions (ICITST), 2011 International Conference for. IEEE.","author":"Ameiri Faisal Al","year":"2011","unstructured":"Faisal Al Ameiri and Khaled Salah . \"Evaluation of popular application sandboxing \". In: Internet Technology and Secured Transactions (ICITST), 2011 International Conference for. IEEE. 2011 , pp. 358 -- 362 . Faisal Al Ameiri and Khaled Salah. \"Evaluation of popular application sandboxing\". In: Internet Technology and Secured Transactions (ICITST), 2011 International Conference for. IEEE. 2011, pp. 358--362."},{"key":"e_1_3_2_1_2_1","volume-title":"Consh: A confined execution environment for internet computations","author":"Alexandrov Albert","year":"1998","unstructured":"Albert Alexandrov , Paul Kmiec , and Klaus Schauser . Consh: A confined execution environment for internet computations . 1998 . Albert Alexandrov, Paul Kmiec, and Klaus Schauser. Consh: A confined execution environment for internet computations. 1998."},{"key":"e_1_3_2_1_3_1","unstructured":"Flatpak - the future of application distribution. URL: http:\/\/flatpak.org.  Flatpak - the future of application distribution. URL: http:\/\/flatpak.org."},{"key":"e_1_3_2_1_4_1","unstructured":"T Garfinkel and D Wagner. Janus: A practical tool for application sandboxing.  T Garfinkel and D Wagner. Janus: A practical tool for application sandboxing."},{"key":"e_1_3_2_1_5_1","first-page":"163","article-title":"Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools","volume":"3","author":"Tal Garfinkel","year":"2003","unstructured":"Tal Garfinkel et al . \" Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools .\" In: NDSS. Vol. 3 . 2003 , pp. 163 -- 176 . Tal Garfinkel et al. \"Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools.\" In: NDSS. Vol. 3. 2003, pp. 163--176.","journal-title":"NDSS."},{"key":"e_1_3_2_1_6_1","volume-title":"Ostia: A Delegating Architecture for Secure System Call Interposition.\" In: NDSS","author":"Garfinkel Tal","year":"2004","unstructured":"Tal Garfinkel , Ben Pfaff , Mendel Rosenblum , \" Ostia: A Delegating Architecture for Secure System Call Interposition.\" In: NDSS . 2004 . Tal Garfinkel, Ben Pfaff, Mendel Rosenblum, et al. \"Ostia: A Delegating Architecture for Secure System Call Interposition.\" In: NDSS. 2004."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography.","volume":"6","author":"Ian","year":"1996","unstructured":"Ian Goldberg et al. \"A secure environment for untrusted helper applications: Confining the wily hacker \". In: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography. Vol. 6 . 1996 . Ian Goldberg et al. \"A secure environment for untrusted helper applications: Confining the wily hacker\". In: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography. Vol. 6. 1996."},{"key":"e_1_3_2_1_8_1","unstructured":"google\/nsjail: A light-weight process isolation tool making use of Linux namespaces and seccomp-bpf syscall filters. URL: https:\/\/github.com\/google\/nsjail.  google\/nsjail: A light-weight process isolation tool making use of Linux namespaces and seccomp-bpf syscall filters. URL: https:\/\/github.com\/google\/nsjail."},{"key":"e_1_3_2_1_9_1","first-page":"139","volume-title":"USENIX Annual Technical Conference.","author":"Kim Taesoo","year":"2013","unstructured":"Taesoo Kim and Nickolai Zeldovich . \" Practical and Effective Sandboxing for Non-root Users .\" In: USENIX Annual Technical Conference. 2013 , pp. 139 -- 144 . Taesoo Kim and Nickolai Zeldovich. \"Practical and Effective Sandboxing for Non-root Users.\" In: USENIX Annual Technical Conference. 2013, pp. 139--144."},{"key":"e_1_3_2_1_10_1","first-page":"409","article-title":"MiniBox: A Two-Way Sandbox for x86 Native Code","author":"Yanlin Li","year":"2014","unstructured":"Yanlin Li et al . \" MiniBox: A Two-Way Sandbox for x86 Native Code .\" In: USENIX Annual Technical Conference. 2014 , pp. 409 -- 420 . Yanlin Li et al. \"MiniBox: A Two-Way Sandbox for x86 Native Code.\" In: USENIX Annual Technical Conference. 2014, pp. 409--420.","journal-title":"USENIX Annual Technical Conference."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_3_2_1_12_1","unstructured":"netblue30\/firejail: Linux namespaces and seccomp-bpf sandbox. URL: https:\/\/github.com\/netblue30\/firejail.  netblue30\/firejail: Linux namespaces and seccomp-bpf sandbox. URL: https:\/\/github.com\/netblue30\/firejail."},{"key":"e_1_3_2_1_13_1","volume-title":"Usenix Security","author":"Provos Niels","year":"2003","unstructured":"Niels Provos . \" Improving Host Security with System Call Policies .\" In : Usenix Security Vol. 3 . 2003 . Niels Provos. \"Improving Host Security with System Call Policies.\" In: Usenix Security Vol. 3. 2003."},{"key":"e_1_3_2_1_14_1","volume-title":"Minimalist Process Isolation Tool Implemented With Linux Namespaces\". In","author":"Raknes Inge Alexander","year":"2016","unstructured":"Inge Alexander Raknes , Bj\u00f8rn Fjukstad , and Lars Ailo Bongo . \"nsroot : Minimalist Process Isolation Tool Implemented With Linux Namespaces\". In : ( 2016 ). Inge Alexander Raknes, Bj\u00f8rn Fjukstad, and Lars Ailo Bongo. \"nsroot: Minimalist Process Isolation Tool Implemented With Linux Namespaces\". In: (2016)."},{"key":"e_1_3_2_1_15_1","unstructured":"Security Extension Specification. URL: https:\/\/www.x.org\/releases\/X11R7.6\/doc\/xextproto\/security.html.  Security Extension Specification. URL: https:\/\/www.x.org\/releases\/X11R7.6\/doc\/xextproto\/security.html."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2988545"},{"key":"e_1_3_2_1_18_1","unstructured":"Xnest(1) manual page. URL: https:\/\/www.x.org\/archive\/X11R7.5\/doc\/man\/man1\/Xnest.1.html.  Xnest(1) manual page. URL: https:\/\/www.x.org\/archive\/X11R7.5\/doc\/man\/man1\/Xnest.1.html."},{"key":"e_1_3_2_1_19_1","unstructured":"X.Org. URL: https:\/\/wwwx.org.  X.Org. URL: https:\/\/wwwx.org."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"}],"event":{"name":"CompSysTech'17: 18th International Conference on Computer Systems and Technologies","sponsor":["UORB University of Ruse, Bulgaria","TECHUVB Technical University of Varna, Bulgaria"],"location":"Ruse Bulgaria","acronym":"CompSysTech'17"},"container-title":["Proceedings of the 18th International Conference on Computer Systems and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134312","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134302.3134312","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:51Z","timestamp":1750212831000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134312"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,23]]},"references-count":19,"alternative-id":["10.1145\/3134302.3134312","10.1145\/3134302"],"URL":"https:\/\/doi.org\/10.1145\/3134302.3134312","relation":{},"subject":[],"published":{"date-parts":[[2017,6,23]]},"assertion":[{"value":"2017-06-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}