Introduction

In UNIX, system calls are the gateway to privileged operations.
A successful system compromise is possible only via system calls.
Confinement, or sandboxing, restricts the system calls an application may perform.

Goldberg and Wagner's Janus.
    Drawbacks: Policy difficult to define. Applications may not chdir, etc.

Jain and Sekar's User-Level Infrastructure.
    Drawbacks: Policy implemented as C++. Policy difficult to define.