Janus

Janus {jan'-uhs}:
1. A practical tool for application sandboxing;
2. The Roman god of gates and doors (ianua)

We are now announcing a limited alpha release of Janus for Linux.

What. Janus is a security tool for sandboxing untrusted applications within a restricted execution environment. This limits the harm that any successful compromise of the application can cause. We have successfully used Janus to jail Apache, BIND, and other programs within a limited sandbox without disturbing application behavior, and we continue to seek experience with using this approach in production environments.

Where. The source code is available to alpha testers for downloading here. Although you are welcome to tell others who may be interested about the tool, because this is only alpha code, we ask you not to publish the source code or the pointer to this web page until we are ready for a full public release.

Who. This software was written by Tal Garfinkel and David Wagner. It also draws heavily on earlier work in collaboration with Ian Goldberg, Randi Thomas, and Eric Brewer.

Feedback. We welcome questions, comments, bugs, and other feedback about the tool. We would be especially grateful for peer review of the loadable kernel module and the rest of the source code. Please do not send questions to the authors; instead, we ask that you send them to the Janus mailing list, janus@ninja.cs.berkeley.edu, so that others may also benefit from the answers. Subscribe first, by sending email with the line "subscribe janus" to majordomo@ninja.cs.berkeley.edu.

Paper trail. We also have some information about earlier versions of the tool. An academic paper describes the philosophy, design, and implementation of an earlier version of Janus; see "A secure environment for untrusted helper applications: confining the wily hacker" (Goldberg, Wagner, Thomas, and Brewer; published in the 1996 USENIX Security Symposium). Also, David's master's thesis discusses further experience with Janus; see "Janus: an approach for confinement of untrusted applications". However, be warned that these publications are out of date; they describe an earlier version of Janus, which is significantly different in many respects.


David Wagner, daw@cs.berkeley.edu, http://www.cs.berkeley.edu/~daw/.
Tal Garfinkel, talg@cs.berkeley.edu, http://www.cs.berkeley.edu/~talg/.