A Fan-Out Sandboxing File System

Sandboxfs isolates modifications to the file system made by a set of "bad" processes from the other "good" processes on a system. Sandboxfs also isolates file-system changes made by the "good" processes from the "bad" processes. Sandboxfs leverages the flexible input filters from Tracefs, so good and bad processes are described using arbitrarily complex logical expressions.

To create a sandbox, we duplicate the super-block structure of Sandboxfs and attach a logical expression that dictates which processes belong to this sandbox. Whenever an operation crosses the Sandboxfs mount point, Sandboxfs directs the operation to the appropriate super-block. Each Sandboxfs super-block object has its own VFS caches (inode and dentry), but for efficiency shares the underlying page cache for common data. We call these separate per-entity caches for each directory "split-view caches".
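
The dispatch step described above, as an added user-space C model (not Sandboxfs or Tracefs code): each sandbox carries a logical expression over process attributes, and an operation is routed to the first sandbox whose expression matches the calling process. The expression node types, the process fields, the first-match ordering, the fall-through to a default view, and all names are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical process attributes a filter can test (not from the page). */
struct proc { unsigned uid; int pid; const char *comm; };

enum op { OP_AND, OP_OR, OP_NOT, OP_UID_EQ, OP_PID_EQ, OP_COMM_EQ };

/* Expression tree node: inner nodes combine children, leaves test one field. */
struct expr {
    enum op op;
    const struct expr *l, *r;   /* children (r unused for OP_NOT) */
    long num;                   /* operand for UID/PID leaves */
    const char *str;            /* operand for COMM leaf */
};

static int eval(const struct expr *e, const struct proc *p)
{
    switch (e->op) {
    case OP_AND:     return eval(e->l, p) && eval(e->r, p);
    case OP_OR:      return eval(e->l, p) || eval(e->r, p);
    case OP_NOT:     return !eval(e->l, p);
    case OP_UID_EQ:  return (long)p->uid == e->num;
    case OP_PID_EQ:  return (long)p->pid == e->num;
    case OP_COMM_EQ: return strcmp(p->comm, e->str) == 0;
    }
    return 0;
}

/* Stand-in for one duplicated super-block: a view name plus its filter. */
struct sbox_sb { const char *name; const struct expr *filter; };

/* Constructed policy: (uid == 1001 AND NOT comm == "sshd"), then comm == "untrusted". */
static const struct expr uid1001      = { OP_UID_EQ,  0, 0, 1001, 0 };
static const struct expr is_sshd      = { OP_COMM_EQ, 0, 0, 0, "sshd" };
static const struct expr not_sshd     = { OP_NOT, &is_sshd, 0, 0, 0 };
static const struct expr rule_a       = { OP_AND, &uid1001, &not_sshd, 0, 0 };
static const struct expr is_untrusted = { OP_COMM_EQ, 0, 0, 0, "untrusted" };

static const struct sbox_sb sandboxes[] = {
    { "sandbox-a", &rule_a }, { "sandbox-b", &is_untrusted },
};

/* Dispatch at the mount point: first matching sandbox wins (assumption);
 * a process that matches no expression gets the default view. */
const char *select_sb(const struct proc *p)
{
    for (size_t i = 0; i < sizeof sandboxes / sizeof sandboxes[0]; i++)
        if (eval(sandboxes[i].filter, p))
            return sandboxes[i].name;
    return "default";
}
```

Under these assumptions a process that no expression classifies lands in the default view, so a policy meant to contain untrusted code should be reviewed for processes it fails to match.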

Journal Articles:

| # | Title (click for html version) | Formats | Published In | Date | Comments |
|---|---|---|---|---|---|
| 1 | On Incremental File System Development | PS PDF BibTeX | ACM Transactions on Storage (TOS) | May 2006 | |
| 2 | Versatility and Unix Semantics in Namespace Unification | PS PDF BibTeX | ACM Transactions on Storage (TOS) | Feb 2006 | |
| 3 | Unionfs: Bringing File Systems Together | BibTeX | Linux Journal | Dec 2004 | |

Conference and Workshop Papers:

| # | Title (click for html version) | Formats | Published In | Date | Comments |
|---|---|---|---|---|---|
| 1 | UnionFS: User- and Community-oriented Development of a Unification Filesystem | PS PDF BibTeX | 2006 Ottawa Linux Symposium | Jul 2006 | |

Technical Reports:

| # | Title (click for html version) | Formats | Published In | Date | Comments |
|---|---|---|---|---|---|
| 1 | Operating System Support for Extensible Secure File Systems | PS PDF BibTeX | Stony Brook U. CS TechReport FSL-04-02 | May 2004 | Ph.D. Research Proficiency Exam (RPE) |

Past Students:

| # | Name (click for home page) | Program | Period | Current Location |
|---|---|---|---|---|
| 1 | Charles P. Wright | PhD | May 2003 - May 2006 | Partner, Senior Software Architect, Illumon (New York, NY) |

Sponsors:

| # | Sponsor | Amount | Period | Type | Title (click for award abstract) |
|---|---|---|---|---|---|
| 1 | NSF Trusted Computing (TC) | $400,000 | 2003-2006 | Sole PI | A Layered Approach to Securing Network File Systems |