MAPBox: Using paramterized behavior classes to confine untrusted applications Anung Acharya, et al Summary: This work builds on Janus by providing a set of behavior classes and a corresponding set of Janus policies. The problem of choosing a correct security problem is then reduced to placing the application in an appropriate behavior class (browser, shell, game, etc.) Weaknesses: - can be turned off by the user - no guarantee that security policies are correct - restricted to programs that exist in a single behavior class - how well would this adopt to new program types (i.e., P2P) - assumes operating system is implemented correctly - how would this work for complicated applications like web servers that fork off child processes. The authors claim to support this, but I'm not convinced it's feasible. - are the parameterized security poliies constant across all users and all machines? do they change over time? - the X protocol is a big hassle: requires an application-specific proxy to grok the complex protocol.