{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T23:51:48Z","timestamp":1768521108031,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,8,27]],"date-time":"2018-08-27T00:00:00Z","timestamp":1535328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,8,27]]},"DOI":"10.1145\/3265723.3265734","type":"proceedings-article","created":{"date-parts":[[2018,9,21]],"date-time":"2018-09-21T12:42:08Z","timestamp":1537533728000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["A Lightweight and Fine-grained File System Sandboxing Framework"],"prefix":"10.1145","author":[{"given":"Ashish","family":"Bijlani","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology Atlanta, GA"}]},{"given":"Umakishore","family":"Ramachandran","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology Atlanta, GA"}]}],"member":"320","published-online":{"date-parts":[[2018,8,27]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"A Comparison of Unix Sandboxing Techniques. FreeBSD Journal","author":"Anderson Jonathan","year":"2017","unstructured":"Jonathan Anderson . 2017. A Comparison of Unix Sandboxing Techniques. FreeBSD Journal ( 2017 ). Jonathan Anderson. 2017. A Comparison of Unix Sandboxing Techniques. FreeBSD Journal (2017)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_2_1_3_1","volume-title":"Boxify: Full-fledged app sandboxing for stock android. (Aug.","author":"Backes Michael","year":"2015","unstructured":"Michael Backes , Sven Bugiel , Christian Hammer , Oliver Schranz , and Philipp von Styp-Rekowsky . 2015 . Boxify: Full-fledged app sandboxing for stock android. (Aug. 2015), 27--38. Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. 2015. Boxify: Full-fledged app sandboxing for stock android. (Aug. 2015), 27--38."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS). IEEE","author":"Barth Adam","year":"2010","unstructured":"Adam Barth , Adrienne Porter Felt , Prateek Saxena , and Aaron Boodman . 2010 . Protecting Browsers from Extension Vulnerabilities . In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS). IEEE , San Diego, CA, 1--17. Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. 2010. Protecting Browsers from Extension Vulnerabilities. In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS). IEEE, San Diego, CA, 1--17."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 1995 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Berman Andrew","year":"1995","unstructured":"Andrew Berman , Virgil Bourassa , and Erik Selberg . 1995 . TRON: Process-specific File Protection for the UNIX Operating System . In Proceedings of the 1995 USENIX Annual Technical Conference (ATC). USENIX Association , New Orleans, Louisiana, 14--14. Andrew Berman, Virgil Bourassa, and Erik Selberg. 1995. TRON: Process-specific File Protection for the UNIX Operating System. In Proceedings of the 1995 USENIX Annual Technical Conference (ATC). USENIX Association, New Orleans, Louisiana, 14--14."},{"key":"e_1_3_2_1_6_1","unstructured":"Theo de Raddt. 2015. pledge() a new mitigation mechanism. (2015). http:\/\/openbsd.org\/papers\/hackfest2015-pledge\/mgp00001.html  Theo de Raddt. 2015. pledge() a new mitigation mechanism. (2015). http:\/\/openbsd.org\/papers\/hackfest2015-pledge\/mgp00001.html"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS). IEEE","author":"Tal","unstructured":"Tal Garfinkel et al. 2003. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools . In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS). IEEE , San Diego, CA, 163--176. Tal Garfinkel et al. 2003. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS). IEEE, San Diego, CA, 163--176."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS). IEEE","author":"Garfinkel Tal","year":"2004","unstructured":"Tal Garfinkel , Ben Pfaff , Mendel Rosenblum , 2004 . Ostia: A Delegating Architecture for Secure System Call Interposition . In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS). IEEE , San Diego, CA, 187--201. Tal Garfinkel, Ben Pfaff, Mendel Rosenblum, et al. 2004. Ostia: A Delegating Architecture for Secure System Call Interposition. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS). IEEE, San Diego, CA, 187--201."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 6th USENIX Security Symposium (Security). USENIX Association","author":"Goldberg Ian","unstructured":"Ian Goldberg , David Wagner , Randi Thomas , and Eric A. Brewer . 1996. A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker . In Proceedings of the 6th USENIX Security Symposium (Security). USENIX Association , San Jose, CA, 1--1. Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996. A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker. In Proceedings of the 6th USENIX Security Symposium (Security). USENIX Association, San Jose, CA, 1--1."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 2011 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Guo Philip J","year":"2011","unstructured":"Philip J Guo and Dawson R Engler . 2011 . CDE: Using System Call Interposition to Automatically Create Portable Software Packages . In Proceedings of the 2011 USENIX Annual Technical Conference (ATC). USENIX Association , Portland, OR, 21--21. Philip J Guo and Dawson R Engler. 2011. CDE: Using System Call Interposition to Automatically Create Portable Software Packages. In Proceedings of the 2011 USENIX Annual Technical Conference (ATC). USENIX Association, Portland, OR, 21--21."},{"key":"e_1_3_2_1_12_1","unstructured":"IOVisor. 2017. eBPF: extended Berkley Packet Filter. (2017). https:\/\/www.iovisor.org\/technology\/ebpf  IOVisor. 2017. eBPF: extended Berkley Packet Filter. (2017). https:\/\/www.iovisor.org\/technology\/ebpf"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 7th Annual Network and Distributed System Security Symposium (NDSS). IEEE","author":"Jain Kapil","year":"2000","unstructured":"Kapil Jain and R Sekar . 2000 . User-level infrastructure for system call interposition: A platform for intrusion detection and confinement . In Proceedings of the 7th Annual Network and Distributed System Security Symposium (NDSS). IEEE , San Diego, CA, 19--34. Kapil Jain and R Sekar. 2000. User-level infrastructure for system call interposition: A platform for intrusion detection and confinement. In Proceedings of the 7th Annual Network and Distributed System Security Symposium (NDSS). IEEE, San Diego, CA, 19--34."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168626"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 2013 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Kim Taesoo","year":"2013","unstructured":"Taesoo Kim and Nickolai Zeldovich . 2013 . Practical and Effective Sandboxing for Non-root Users . In Proceedings of the 2013 USENIX Annual Technical Conference (ATC). USENIX Association , San Jose, CA, 139--144. Taesoo Kim and Nickolai Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In Proceedings of the 2013 USENIX Annual Technical Conference (ATC). USENIX Association, San Jose, CA, 139--144."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the","author":"McCanne Steven","year":"1993","unstructured":"Steven McCanne and Van Jacobson . 1993 . The BSD Packet Filter: A New Architecture for User-level Packet Capture . In Proceedings of the Winter 1993 USENIX Annual Technical Conference (ATC). USENIX Association, San Diego, CA. Steven McCanne and Van Jacobson. 1993. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the Winter 1993 USENIX Annual Technical Conference (ATC). USENIX Association, San Diego, CA."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Potter Shaya","year":"2010","unstructured":"Shaya Potter and Jason Nieh . 2010 . Apiary: Easy-to-use Desktop Application Fault Containment on Commodity Operating Systems . In Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association , Boston, MA, 8--8. Shaya Potter and Jason Nieh. 2010. Apiary: Easy-to-use Desktop Application Fault Containment on Commodity Operating Systems. In Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association, Boston, MA, 8--8."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 12th USENIX Security Symposium (Security). USENIX Association","author":"Provos Niels","year":"2003","unstructured":"Niels Provos . 2003 . Improving Host Security with System Call Policies . In Proceedings of the 12th USENIX Security Symposium (Security). USENIX Association , Washington, DC, 18--18. Niels Provos. 2003. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium (Security). USENIX Association, Washington, DC, 18--18."},{"key":"e_1_3_2_1_19_1","volume-title":"Filesystem in Userspace. (February","author":"Szeredi M.","year":"2005","unstructured":"M. Szeredi . 2005. Filesystem in Userspace. (February 2005 ). http:\/\/fuse.sourceforge.net M. Szeredi. 2005. Filesystem in Userspace. (February 2005). http:\/\/fuse.sourceforge.net"},{"key":"e_1_3_2_1_20_1","volume-title":"15th USENIX Conference on File and Storage Technologies (FAST) (FAST 17)","author":"Reddy Vangoor Bharath Kumar","year":"2017","unstructured":"Bharath Kumar Reddy Vangoor , Vasily Tarasov , and Erez Zadok . 2017 . To FUSE or Not to FUSE: Performance of User-Space File Systems . In 15th USENIX Conference on File and Storage Technologies (FAST) (FAST 17) . USENIX Association, Santa Clara, CA, 77--90. Bharath Kumar Reddy Vangoor, Vasily Tarasov, and Erez Zadok. 2017. To FUSE or Not to FUSE: Performance of User-Space File Systems. In 15th USENIX Conference on File and Storage Technologies (FAST) (FAST 17). USENIX Association, Santa Clara, CA, 77--90."},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Watson Robert NM","year":"2010","unstructured":"Robert NM Watson , Jonathan Anderson , Ben Laurie , and Kris Kennaway . 2010 . Capsicum: Practical Capabilities for UNIX . In Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association , Boston, MA, 2--2. Robert NM Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway. 2010. Capsicum: Practical Capabilities for UNIX. In Proceedings of the 2010 USENIX Annual Technical Conference (ATC). USENIX Association, Boston, MA, 2--2."},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 1999 USENIX Annual Technical Conference (ATC). USENIX Association","author":"Zadok E.","unstructured":"E. Zadok , I. B\u0103rdulescu , and A. Shender . 1999. Extending File Systems Using Stackable Templates \". In Proceedings of the 1999 USENIX Annual Technical Conference (ATC). USENIX Association , Monterey, CA, 57--70. E. Zadok, I. B\u0103rdulescu, and A. Shender. 1999. Extending File Systems Using Stackable Templates\". In Proceedings of the 1999 USENIX Annual Technical Conference (ATC). USENIX Association, Monterey, CA, 57--70."}],"event":{"name":"APSys '18: 9th Asia-Pacific Workshop on Systems","location":"Jeju Island Republic of Korea","acronym":"APSys '18","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 9th Asia-Pacific Workshop on Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3265723.3265734","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3265723.3265734","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:39:49Z","timestamp":1750210789000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3265723.3265734"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,27]]},"references-count":22,"alternative-id":["10.1145\/3265723.3265734","10.1145\/3265723"],"URL":"https:\/\/doi.org\/10.1145\/3265723.3265734","relation":{},"subject":[],"published":{"date-parts":[[2018,8,27]]},"assertion":[{"value":"2018-08-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}