@inproceedings{5bb34ef45f804a25b05820d30026c04a,
title = "StemJail: Dynamic role compartmentalization",
abstract = "While users tend to indiscriminately use the same device to address every need, exfiltration of information becomes the end game of attackers. Average users need realistic and practical solutions to enable them to mitigate the consequences of a security breach in terms of data leakage. We present StemJail, an open-source security solution to isolate groups of processes pertaining to the same activity into an environment exposing only the relevant subset of user data. At the heart of our solution lies dynamic activity discovery, allowing seamless integration of StemJail into the user workow. Our userland access control framework only relies on the ability of user to organize data in directories. Thus, it is easily configurable and requires very little user interaction once set up. Moreover, StemJail is designed to run without intrusive changes to the system and to be configured and used by any unprivileged user thanks to the Linux user namespaces.",
keywords = "Compartmentalization, Dynamic policy, Linux, Namespaces, Role, Sandbox, User activity",
author = "Micka{\"e}l Sala{\"u}n and Marion Daubignard and Herv{\'e} Debar",
note = "Publisher Copyright: {\textcopyright} 2016 Copyright held by the owner/author(s).; 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 ; Conference date: 30-05-2016 Through 03-06-2016",
year = "2016",
month = may,
day = "30",
doi = "10.1145/2897845.2897912",
language = "English",
series = "ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery, Inc",
pages = "865--876",
booktitle = "ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security",
}