A sand-boxing mechanism to run malicious/untrusted C and C++ codes. This project was done as a part of the 4th Sem Operating System Course at the Dept. of Information Technology, National Institute of Technology Karnataka Surathkal. The main objective was to run a C/C++ code whose origin or content is not known.
The TAJdefender is very easy to run. The source code of the user program should be placed in the sandbox folder and the shell script test.sh should be run with arguments being the filename of source code and the filename of input file. The shell script will say whether the compilation was unsuccessful, if not it will run the program and save the output file in the same folder. It will terminate with runtime error in-case there is a malicious code snippet.
- SECCOMP was used to prevent malicious system calls
- Custom implementation of memory allocating functions in C/C++
- Provides simple interface to load and excute a program in sandboxed environment via a script
- Preprocessing the program for commanly known malicious signature
- Implement other restrictions on execution time and other resource allocation.
- Add support for Docker
Please refer to project report in the repository for more details.
- Adarsh Mohata ([email protected])
- Ajith P S ([email protected])
- Ashish Kedia ([email protected])
a.k.a Team BugAssassins
Note : We would like acknowledge several open source sandbox implementations on git-hub. We have used codes not written by others.