Ryan Lehmkuhl 1. The paper presents the delegating architecture as an improvement over the filtering architecture for a number of reasons. However, is the delegating architecture better in all possible ways? What could be an advantage of the filtering architecture over the delegating architecture? Most obviously, the delegating architecture underperformed the filtering architecture in almost all of the benchmarks except for the one involving a high number of processes. But more seriously, the delegating architecture necessitates a lot more trust in the sandbox. In the filtering architecture, the sandbox simply has the power to Deny or Allow a various syscall from inside of it, while the delegating architecture actually makes the syscal for the process. Thus, while a malicious filtering sandbox could simply DoS the application, a malicious delegating sandbox has the power to modify the sandboxed application's syscalls and such.