Annual Computer Security Applications Conference (ACSAC) 2022

Towards Practical Application-level Support for Privilege Separation

Privilege separation (privsep) is an effective technique for improving software’s security, but privsep involves decomposing software into components and assigning them different privileges. This is often laborious and error-prone. This paper contributes the following for applying privsep to C software: (1) a portable, lightweight, and distributed runtime library that abstracts externally-enforced compartment isolation; (2) an abstract compartmentalization model of software for reasoning about privsep; and (3) a privsep-aware Clang-based tool for code analysis and semi-automatic software transformation to use the runtime library. The evaluation spans 19 compartmentalizations of third-party software and examines: Security: 4 CVEs in widely-used software were rendered unexploitable; Approximate Effort Saving: on average, the synthesis-to-annotation code ratio was greater than 11.9 (i.e., 10× lines of code were generated for each annotation); and Overhead: execution-time overhead was less than 2%, and memory overhead was linear in the number of compartments.

Nik Sultana
Illinois Institute of Technology

Henry Zhu

Ke Zhong
University of Pennsylvania

Zhilei Zheng
University of Pennsylvania

Ruijie Mao
University of Pennsylvania

Digvijaysinh Chauhan
University of Pennsylvania

Stephen Carrasquillo
University of Pennsylvania

Junyong Zhao
University of Arizona

Lei Shi
University of Pennsylvania

Nikos Vasilakis
Brown University and MIT

Boon Thau Loo
University of Pennsylvania

Paper (ACM DL)
