Security Research Preventing Privilege Escalation Application level sandboxing via privilege separation. Majority of application runs unprivileged. Security flaws in the unprivileged part are contained. [Submitted to 12th USENIX Security Symposium, August 2003] Improving Host Security with System Call Policies Kernel level sandbox. Supports interactive and automatic policy generation. Removes the need for setuid and setgid applications via privilege elevation of single system calls. [Submitted to 12th USENIX Security Symposium, August 2003] Honeyd - A Virtual Honeypot Daemon. Creates virtual machines that mimic the network stack of specified operating systems. Fools fingerprinting tools like nmap or xprobe.