Iago attacks: Why the system call API is a bad untrusted rpc interface

ACM SIGPLAN Notices

Volumn 48, Issue 4, 2013, Pages 253-263

  Checkoway, Stephen ^a   Shacham, Hovav ^b  

^a JOHNS HOPKINS UNIVERSITY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Iago attacks; Overshadow; System call

Indexed keywords

IAGO ATTACKS; LINUX SYSTEMS; OVERSHADOW; PROTECTION MECHANISMS; RETURN VALUE; SYSTEM CALLS; TRUSTED APPLICATIONS;

COMPUTER OPERATING SYSTEMS; INTRUSION DETECTION;

APPLICATION PROGRAMMING INTERFACES (API);

EID: 84880119749     PISSN: 15232867     EISSN: None     Source Type: Journal    
DOI: 10.1145/2499368.2451145     Document Type: Conference Paper

References (29)

1. Anonymous. Once upon a free(). . . . Phrack Magazine, 57(9), August 2001. http://www.phrack.org/archives/57/p57-0x09-Once%20upon%20a%20free()-by- anonymous%20author.txt.
2. Adam Barth, Collin Jackson, Charles Reis, and The Google Chrome Team. The security architecture of the Chromium browser. Online: http://seclab.stanford. edu/websec/chromium/, 2008.
3. blackngel. Malloc des-maleficarum. Phrack Magazine, 66(10), November 2009. http://www.phrack.org/archives/66/p66-0x0a-Malloc%20Des-Maleficarum-by- blackngel.txt.
4. blackngel. ptmalloc v2 & v3: Analysis & corruption. Phrack Magazine, 67(8), November 2010. http://www.phrack.org/archives/67/p67-0x08- The%20House%20Of%20Lore:%20Reloaded%20ptmalloc%20v2%20&%20v3: %20Analysis%20&%20Corruption-by-blackngel.txt.
5. Stephen Checkoway, Ariel J. Feldman, Brian Kantor, J. Alex Halderman, Edward W. Felten, and Hovav Shacham. Can DREs provide long-lasting security? The case of return-oriented programming and the AVC Advantage. In David Jefferson, Joseph Lorenzo Hall, and Tal Moran, editors, Proceedings of EVT/WOTE 2009. USENIX/ACCURATE/ IAVoSS, August 2009.
6. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In James Larus, editor, Proceedings of ASPLOS 2008, pages 2-13. ACM Press, March 2008.
7. ISO/IEC FDIS 9899:1999 (E). Programming languages - C. ISO, 1999.
8. Dawson R. Engler, M. Frans Kaashoek, and James W. O'Toole. Exokernel: An operating system architecture for application-level resource management,. In Mark Weiser, editor, Proceedings of SOSP 1995, pages 251-66. ACM Press, December 1995.
9. Tal Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Virgil Gligor and Mike Reiter, editors, Proceedings of NDSS 2003. Internet Society, February 2003.
10. Tal Garfinkel, Ben Pfaff, and Mendel Rosenblum. Ostia: A delegating architecture for secure system call interposition. In Mike Reiter and Dan Boneh, editors, Proceedings of NDSS 2004. Internet Society, February 2004.
11. Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. A secure environment for untrusted helper applications. In Greg Rose, editor, Proceedings of USENIX Security 1996. USENIX, July 1996.
12. David B. Golub and Richard P. Draves. Moving the default memory manager out of the mach kernel. In Alan Langerman, editor, Proceedings of Mach Symposium 1991, pages 177-88, November, 1991. USENIX.
13. Michel Kaempf. Vudo malloc tricks. Phrack Magazine, 57(8), August 2001. http://www.phrack.org/archives/57/p57-0x08-Vudo%20malloc%20tricks-by-MaXX.txt.
14. David Lie, Chandramohan Thekkath, and Mark Horowitz. Implementing an untrusted operating system on trusted hardware. In Larry Peterson, editor, Proceedings of SOSP 2003, pages 178-92. ACM Press, October 2003.
15. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. Minimal tcb code execution (extended abstract). In Birgit Pfitzmann and Patrick McDaniel, editors, Proceedings of IEEE Security & Privacy ("Oakland") 2007, pages 267-72. IEEE Computer Society, May 2007.
16. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. How low can you go? Recommendations for hardware-supported minimal TCB code execution. In James Larus, editor, Proceedings of ASPLOS 2008, pages 14-25. ACM Press, March 2008.
17. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. Flicker: An execution infrastructure for TCB minimization. In Steven Hand, editor, Proceedings of EuroSys 2008, pages 315-28. ACM Press, March 2008.
18. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Safe passage for passwords and other sensitive data. In Giovanni Vigna, editor, Proceedings of NDSS 2009. The Internet Society, February 2009.
19. Gene Novark and Emery D. Berger. DieHarder: Securing the heap. In Angelos D. Keromytis and Vitaly Shmatikov, editors, Proceedings of CCS 2010. ACM Press, October 2010.
20. Jon Oberheide. The stack is back. Presented at Infiltrate 2012, January 2012. Presentation. Slides: http://jon.oberheide.org/files/infiltrate12- thestackisback.pdf.
21. Phantasmal Phantasmagoria. The malloc maleficarum: Glibc malloc exploitation techniques. Bugtraq, October 2005. http://seclists.org/bugtraq/ 2005/Oct/118.
22. Dan R.K. Ports and Tal Garfinkel. Towards application security on untrusted operating systems. In Niels Provos, editor, Proceedings of HotSec 2008. USENIX, July 2008.
23. POSIX.1-2008/IEEE Std 1003.1-2008. The Open Group Base Specifications Issue 7. IEEE and The Open Group, 2008.
24. Niels Provos. Improving host security with system call policies. In Vern Paxson, editor, Proceedings of USENIX Security 2003. USENIX, August 2003.
25. Eric Rescorla. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley, 2000.
26. Thomas Ristenpart and Scott Yilek. When good randomness goes bad: Virtual machine reset vulnerabilities and hedging deployed cryptography. InWenke Lee, editor, Proceedings of NDSS 2003. Internet Society, February 2003.
27. Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage. Return-oriented programming: Systems, languages, and applications. Trans. Info. & Sys. Sec., 2012. To appear.
28. Alexander Sotirov and Mark Dowd. Bypassing browser memory protections in Windows Vista. Presented at Black Hat 2008, August 2008. Online: http://www.phreedom.org/research/bypassingbrowser-memory-protections/ bypassing-browsermemory-protections.pdf.
29. Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, and Stefan Savage. When private keys are public: Results from the 2008 Debian OpenSSL vulnerability. In Anja Feldmann and Laurent Mathy, editors, Proceedings of IMC 2009, pages 15-27. ACM Press, November 2009.