Enforcing least privilege memory views for multithreaded applications

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 24-28-October-2016, Issue , 2016, Pages 393-405

  Hsu, Terry Ching Hsiang ^a   Hoffman, Kevin ^b   Eugster, Patrick ^a,c   Payer, Mathias ^a  

^a PURDUE UNIVERSITY   (United States)

^b EFolder Inc   (United States)

^c DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; COMPUTER OPERATING SYSTEMS; CONCURRENCY CONTROL; HTTP; WEB SERVICES;

APPLICATION REQUIREMENTS; CONCURRENT THREADS; MEMORY CORRUPTION; MULTI-THREADED APPLICATION; RUN-TIME PERFORMANCE; SEPARATION TECHNIQUES; SOFTWARE COMPONENT; THIRD GENERATION;

WEB BROWSERS;

EID: 84995505153     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2976749.2978327     Document Type: Conference Paper

References (52)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow Integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS'05, pages 340-353, New York, NY, USA, 2005. ACM.
2. I. Anati, S. Gueron, S. Johnson, and V. Scarlata. Innovative Technology for CPU based Attestation and Sealing. In Proceedings of the 2Nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP'13, New York, NY, USA, 2013. ACM.
3. J. Ansel, P. Marchenko, U. Erlingsson, E. Taylor, B. Chen, D. L. Schuff, D. Sehr, C. L. Biffle, and B. Yee. Language-independent Sandboxing of Just-in-time Compilation and Self-modifying Code. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'11, pages 355-366, New York, NY, USA, 2011. ACM.
4. AppArmor. https://wiki.ubuntu.com/AppArmor.
5. A. Belay, A. Bittau, A. Mashtizadeh, D. Terei, D. Mazières, and C. Kozyrakis. Dune: Safe User-level Access to Privileged CPU Features. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, OSDI'12, pages 335-348, Berkeley, CA, USA, 2012. USENIX Association.
6. E. D. Berger, K. S. McKinley, R. D. Blumofe, and P. R. Wilson. Hoard: A Scalable Memory Allocator for Multithreaded Applications. In Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS IX, pages 117-128, New York, NY, USA, 2000. ACM.
7. C. Bienia, S. Kumar, J. P. Singh, and K. Li. The PARSEC Benchmark Suite: Characterization and Architectural Implications. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques, PACT'08, pages 72-81, New York, NY, USA, 2008. ACM.
8. A. Bittau, P. Marchenko, M. Handley, and B. Karp. Wedge: Splitting Applications into Reduced-privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI'08, pages 309-322, Berkeley, CA, USA, 2008. USENIX Association.
9. D. Brumley and D. Song. Privtrans: Automatically Partitioning Programs for Privilege Separation. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM'04, pages 5-5, Berkeley, CA, USA, 2004. USENIX Association.
10. C. Bryce and C. Razafimahefa. An Approach to Safe Object Sharing. In Proceedings of the 15th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications, OOPSLA'00, pages 367-381, New York, NY, USA, 2000. ACM.
11. W. Cheng, D. R. K. Ports, D. Schultz, V. Popic, A. Blankstein, J. Cowling, D. Curtis, L. Shrira, and B. Liskov. Abstractions for Usable Information Flow Control in Aeolus. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC'12, pages 12-12, Berkeley, CA, USA, 2012. USENIX Association.
12. Cherokee Web Server. http://cherokee-project.com/.
13. N. Dautenhahn, T. Kasampalis, W. Dietz, J. Criswell, and V. Adve. Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS'15, pages 191-206, New York, NY, USA, 2015. ACM.
14. Multiprocess Firefox. https://developer.mozilla.org/en-US/Firefox/Multiprocess Firefox.
15. GDB: The GNU Project Debugger. https://www.gnu.org/software/gdb/.
16. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pages 40-40, Berkeley, CA, USA, 2012. USENIX Association.
17. M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo. Using Innovative Instructions to Create Trustworthy Software Solutions. In Proceedings of the 2Nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP'13, pages 11:1-11:1, New York, NY, USA, 2013. ACM.
18. K. J. Hoffman, H. Metzger, and P. Eugster. Ribbons: A Partially Shared Memory Programming Model. In Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA'11, pages 289-306, New York, NY, USA, 2011. ACM.
19. Interesting stats based on Alexa Top 1, 000, 000 Sites. http://httparchive.org/interesting.php.
20. H. Hu, Z. L. Chua, S. Adrian, P. Saxena, and Z. Liang. Automatic Generation of Data-Oriented Exploits. In 24th USENIX Security Symposium (USENIX Security 15), pages 177-192, Washington, D. C., Aug. 2015. USENIX Association.
21. K. Kawachiya, K. Ogata, D. Silva, T. Onodera, H. Komatsu, and T. Nakatani. Cloneable JVM: A New Approach to Start Isolated Java Applications Faster. In Proceedings of the 3rd International Conference on Virtual Execution Environments, VEE'07, pages 1-11, New York, NY, USA, 2007. ACM.
22. Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In Proceeding of the 41st Annual International Symposium on Computer Architecuture, ISCA'14, pages 361-372, Piscataway, NJ, USA, 2014. IEEE Press.
23. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris. Information Flow Control for Standard OS Abstractions. In Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, SOSP'07, pages 321-334, New York, NY, USA, 2007. ACM.
24. A. Kurmus and R. Zippel. A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, pages 1366-1377, New York, NY, USA, 2014. ACM.
25. Linux Test Project. http://sourceforge.net/projects/ltp/.
26. S. McCamant and G. Morrisett. Evaluating SFI for a CISC Architecture. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association.
27. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP'10, pages 143-158, Washington, DC, USA, 2010. IEEE Computer Society.
28. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An Execution Infrastructure for TCB Minimization. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, Eurosys'08, pages 315-328, New York, NY, USA, 2008. ACM.
29. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative Instructions and Software Model for Isolated Execution. In Proceedings of the 2Nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP'13, pages 10:1-10:1, New York, NY, USA, 2013. ACM.
30. A. Mettler, D. Wagner, and T. Close. Joe-E: A Security-Oriented Subset of Java. In Network and Distributed Systems Symposium, NDSS 2010. Internet Society, 2010.
31. A. C. Myers. JFlow: Practical Mostly-static Information Flow Control. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL'99, pages 228-241, New York, NY, USA, 1999. ACM.
32. S. Nagarakatte, M. M. K. Martin, and S. Zdancewic. Everything You Want to Know About Pointer-Based Checking. In 1st Summit on Advances in Programming Languages (SNAPL 2015), volume 32 of Leibniz International Proceedings in Informatics (LIPIcs), pages 190-208, Dagstuhl, Germany, 2015. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.
33. N. Provos, M. Friedl, and P. Honeyman. Preventing Privilege Escalation. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12, SSYM'03, pages 16-16, Berkeley, CA, USA, 2003. USENIX Association.
34. I. Roy, D. E. Porter, M. D. Bond, K. S. McKinley, and E. Witchel. Laminar: Practical Fine-grained Decentralized Information Flow Control. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'09, pages 63-74, New York, NY, USA, 2009. ACM.
35. J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, Sept 1975.
36. J. H. Saltzer. Protection and the Control of Information Sharing in Multics. Commun. ACM, 17(7):388-402, July 1974.
37. Same-origin Policy. https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin policy.
38. SECure COMPuting with filters. https://www.kernel.org/doc/Documentation/prctl/seccomp filter.txt.
39. SELinux. https://wiki.centos.org/HowTos/SELinux.
40. R. Strackx, P. Agten, N. Avonds, and F. Piessens. Salus: Kernel Support for Secure Process Compartments. EAI Endorsed Transactions on Security and Safety, 15(3), 1 2015.
41. R. Strackx and F. Piessens. Fides: Selectively Hardening Software Application Components Against Kernel-level or Process-level Malware. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS'12, pages 2-13, New York, NY, USA, 2012. ACM.
42. L. Szekeres, M. Payer, T. Wei, and D. Song. SoK: Eternal War in Memory. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP'13, pages 48-62, Washington, DC, USA, 2013. IEEE Computer Society.
43. Valgrind. http://valgrind.org/.
44. L. Vilanova, M. Ben-Yehuda, N. Navarro, Y. Etsion, and M. Valero. CODOMs: Protecting Software with Code-centric Memory Domains. In Proceeding of the 41st Annual International Symposium on Computer Architecuture, ISCA'14, pages 469-480, Piscataway, NJ, USA, 2014. IEEE Press.
45. G. Wagner, A. Gal, C. Wimmer, B. Eich, and M. Franz. Compartmental Memory Management in a Modern Web Browser. In Proceedings of the International Symposium on Memory Management, ISMM'11, pages 119-128, New York, NY, USA, 2011.
46. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient Software-based Fault Isolation. In Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles, SOSP'93, pages 203-216, New York, NY, USA, 1993. ACM.
47. J. Wang, X. Xiong, and P. Liu. Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications. In 2015 USENIX Annual Technical Conference (USENIX ATC 15), pages 361-373, Santa Clara, CA, July 2015. USENIX Association.
48. R. N. Watson, J. Anderson, B. Laurie, and K. Kennaway. Capsicum: Practical Capabilities for UNIX. In USENIX Security 2010, pages 29-46, 2010.
49. J. Woodruff, R. N. Watson, D. Chisnall, S. W. Moore, J. Anderson, B. Davis, B. Laurie, P. G. Neumann, R. Norton, and M. Roe. The CHERI Capability Model: Revisiting RISC in an Age of Risk. In Proceeding of the 41st Annual International Symposium on Computer Architecuture, ISCA'14, pages 457-468, Piscataway, USA, 2014. IEEE Press.
50. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In 2009 30th IEEE Symposium on Security and Privacy, pages 79-93, May 2009.
51. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making Information Flow Explicit in HiStar. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7, OSDI'06, pages 19-19, Berkeley, CA, USA, 2006. USENIX Association.
52. N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. Hardware Enforcement of Application Security Policies Using Tagged Memory. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI'08, pages 225-240, Berkeley, CA, USA, 2008. USENIX Association.