JIGSAW: Protecting resource access by inferring programmer expectations

Proceedings of the 23rd USENIX Security Symposium

Volumn , Issue , 2014, Pages 973-988

  Vijayakumar, Hayawardh ^a   Ge, Xinyang ^a   Payer, Mathias ^b   Jaeger, Trent ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATA FLOW ANALYSIS; FLOW GRAPHS;

ACTUAL ENVIRONMENTS; DATA FLOW; MISCONFIGURATIONS; RESOURCE ACCESS; RESOURCE RETRIEVAL; SYSTEM RESOURCES; WEB SERVERS;

SEARCH ENGINES;

EID: 84937690805     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (45)

1. J. P. Anderson. Computer Security Technology Planning Study, Volume II. Technical Report ESD-TR-73-51, Deputy for Command and Management Systems, HQ Electronics Systems Division (AFSC), L. G. Hanscom Field, Bedford, MA, October 1972.
2. Apache Performance Tuning. http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#symlinks, 2012.
3. A. Baliga, V. Ganapathy, and L. Iftode. Automatic inference and enforcement of kernel data structure invariants. In ACSAC'08: Proceedings of the 24th Annual Computer Security Applications Conference, pages 77-86, Anaheim, California, USA, December 2008. IEEE Computer Society Press, Los Alamitos, California, USA.
4. D. Balzarotti et al. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Proceedings of the IEEE Symposium on Security and Privacy, 2008.
5. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca. A system to specify and manage multipolicy access control models. In Proceedings of POLICY'02. IEEE Computer Society, 2002.
6. M. Bishop and M. Digler. Checking for race conditions in file accesses. Computer Systems, 9(2), Spring 1996.
7. D. Brumley, H. Wang, S. Jha, and D. Song. Creating vulnerability signatures using weakest preconditions. In Proceedings of the 20th IEEE Computer Security Foundations Symposium, 2007.
8. X. Cai et al. Exploiting Unix File-System Races via Algorithmic Complexity Attacks. In IEEE SSP '09, 2009.
9. S. Chari and P. Cheng. Bluebox: A policy-driven, host-based intrusion detection system. ACM Transaction on Infomation and System Security, 6:173-200, May 2003.
10. S. Chari et al. Where do you want to go today? escalating privileges by pathname manipulation. In NDSS '10, 2010.
11. C. Cowan, S. Beattie, C. Wright, and G. Kroah-Hartman. Race-guard: Kernel protection from temporary file race vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Berkeley, CA, USA, 2001. USENIX Association.
12. Common vulnerabilities and exposures. http://cve.mitre.org/.
13. D. Dean and A. Hu. Fixing races for fun and profit. In Proceedings of the 13th USENIX Security Symposium, 2004.
14. D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, SOSP'01, pages 57-72, New York, NY, USA, 2001. ACM.
15. M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin. Dynamically discovering likely program invariants to support program evolution. In Proceedings of the 21st International Conference on Software Engineering, ICSE'99, pages 213-224, New York, NY, USA, 1999. ACM.
16. N. Hardy. The confused deputy. Operating Systems Review, 22(4):36-38, Oct. 1988.
17. T. Jaeger, R. Sailer, and X. Zhang. Analyzing Integrity Protection in the SELinux Example Policy. In SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium, pages 5-5, Berkeley, CA, USA, 2003. USENIX Association.
18. J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385-394, July 1976.
19. M. N. Krohn et al. Information flow control for standard OS abstractions. In SOSP '07, 2007.
20. L. C. Lam and T.-C. Chiueh. A general dynamic information flow tracking framework for security applications. In Proceedings of ACSAC '06, pages 463-472. IEEE Computer Society, 2006.
21. H. M. Levy. Capability-based Computer Systems. Digital Press, 1984. Available at http://www.cs.washington.edu/homes/levy/capabook/.
22. J. Newsome et al. Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software. In NDSS, 2005.
23. Novell. AppArmor Linux Application Security. http://www.novell.com/linux/security/apparmor/.
24. Selinux. http://www.nsa.gov/selinux.
25. OpenWall Project - Information security software for open environments. http://www.openwall.com/, 2008.
26. J. Park, G. Lee, S. Lee, and D.-K. Kim. Rps: An extension of reference monitor to prevent race-attacks. In PCM (1) 04, 2004.
27. M. Payer and T. R. Gross. Protecting applications against tocttou races by user-space caching of file metadata. In Proceedings of the 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, 2012.
28. M. Payer, E. Kravina, and T. R. Gross. Lightweight memory tracing. In Proceedings of the 2013 USENIX Conference on Annual Technical Conference, USENIX ATC'13, pages 115-126, Berkeley, CA, USA, 2013. USENIX Association.
29. D. E. Porter et al. Operating system transactions. In SOSP '09, 2009.
30. N. Provos et al. Preventing privilege escalation. In USENIX Security '03, 2003.
31. F. Qin et al. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. In MICRO 39, 2006.
32. S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst., 15(4):391-411, Nov. 1997.
33. R. Sekar. An efficient black-box technique for defeating web application attacks. In NDSS, 2009.
34. J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: A fast capability system. In Proceedings of the 17th ACM Symposium on Operating System Principles, December 1999.
35. K. suk Lhee and S. J. Chapin. Detection of file-based race conditions. Int. J. Inf. Sec., 2005.
36. D. Tsafrir et al. Portably solving file tocttou races with hardness amplification. In USENIX FAST, 2008.
37. E. Tsyrklevich and B. Yee. Dynamic detection and prevention of race conditions in file accesses. In Proceedings of the 12th USENIX Security Symposium, pages 243-255, 2003.
38. P. Uppuluri, U. Joshi, and A. Ray. Preventing race condition attacks on file-systems. In SAC-05, 2005.
39. H. Vijayakumar, J. Schiffman, and T. Jaeger. Sting: Finding name resolution vulnerabilities in programs. In Proceedings of the 21st USENIX Security Symposium (USENIX Security 2012), August 2012.
40. H. Vijayakumar, J. Schiffman, and T. Jaeger. Process firewalls: Protecting processes during resource access. In Proceedings of the 8th ACM European Conference on Computer Systems (EU-ROSYS 2013), April 2013.
41. H. Vijayakumar et al. Integrity walls: Finding attack surfaces from mandatory access control policies. In ASIACCS, 2012.
42. R. Watson et al. Capsicum: practical capabilities for UNIX. In USENIX Security, 2010.
43. J. Wei et al. Tocttou vulnerabilities in unix-style file systems: an anatomical study. In USENIX FAST '05, 2005.
44. J. Wei et al. A methodical defense against TOCTTOU attacks: the EDGI approach. In IEEE International Symp. on Secure Software Engineering (ISSSE), 2006.
45. N. Zeldovich et al. Making information flow explicit in HiStar. In OSDI '06, 2006.