English

Sandboxing Adoption in Open Source Ecosystems

Software Engineering 2024-05-14 v2 Cryptography and Security

Abstract

Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it's not clear how much and in what ways developers are using these mechanisms. This study looks at the use of Seccomp, Landlock, Capsicum, Pledge, and Unveil in all packages of four open-source operating systems. We found that less than 1% of packages directly use these mechanisms, but many more indirectly use them. Examining how developers apply these mechanisms reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.

Cite

@article{arxiv.2405.06447,
  title  = {Sandboxing Adoption in Open Source Ecosystems},
  author = {Maysara Alhindi and Joseph Hallett},
  journal= {arXiv preprint arXiv:2405.06447},
  year   = {2024}
}

Comments

Published at the 12th ACM/IEEE International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems (SESoS 2024), Co-located with ICSE

R2 v1 2026-06-28T16:23:11.732Z