This software restricts an application's interaction with the system by enforcing policies on system calls.
Systrace first notifies the user about all system calls that an application tries to execute, and the user configures a policy for the specific system call that caused the warning. Within a few minutes, a policy is generated that allows the application to run without any further warnings. Any events that are not covered by the policy still generate a warning, which could indicate a potential security problem, making Systrace an essential tool for cyber security and intrusion prevention.
The software can also learn policies automatically. In many cases, these policies can be used for sandboxing immediately. Minimal manual post-processing may be necessary, but this still saves time: untrusted binary applications can be sandboxed and their access to the system can be heavily restricted.
Constraining the system calls that large open-source applications are allowed to execute is also beneficial, since it is very difficult to determine their correctness. Systrace can also rewrite dynamic system call arguments, which provides a virtual chroot for the sandboxed application and prevents race conditions in the argument evaluation.
In summary, Systrace is an excellent tool for improving cyber security, allowing for policy refinement and providing a virtual chroot for sandboxed applications.
Version 1.6f: N/A