COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. |
University of Cambridge > Talks.cam > Microsoft Research Cambridge, public talks > Protecting Programs During Resource Retrieval
Protecting Programs During Resource RetrievalAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins. This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending Programs must retrieve many system resources to execute properly, but there are several classes of vulnerabilities that may befall programs during resource retrieval. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: adversaries may control the inputs used to build names, name spaces used to find the target resources, and the target resources themselves to trick victim programs to retrieve resources of the adversaries’ choosing. In this talk, I will present a system mechanism, called the Process Firewall, that protects programs from vulnerabilities during resource retrieval by introspecting into running programs to enforce context-specific rules. Our key insight is that using introspection to prevent such vulnerabilities is safe because we only aim to protect processes, relying on access control to confine malicious processes. I will show that the Process Firewall can prevent many types of vulnerabilities during resource retrieval, including those involving race conditions. I will also show how to perform such introspection and enforcement efficiently, incurring much lower overhead than equivalent program defenses. Finally, I will describe a conceptual model that describes the conditions for safe resource retrieval, and outline how to produce enforceable rules from that model. By following this model, we find that the Process Firewall mechanism can prevent many vulnerabilities during resource retrieval without causing false positives. This talk is part of the Microsoft Research Cambridge, public talks series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCambridge Evolutionary Genetics Global Challenges Research Fund (GCRF) Trinity Hall History Society CUES The Blackett SocietyOther talksXZ: X-ray spectroscopic redshifts of obscured AGN Autumn Cactus & Succulent Show TBC Plants of the Richtersveld Modular Algorithm Analysis Aspects of adaptive Galerkin FE for stochastic direct and inverse problems The role of myosin VI in connexin 43 gap junction accretion Single Cell Seminars (November) DataFlow SuperComputing for BigData A transmissible RNA pathway in honeybees Demographics, presentation, diagnosis and patient pathway of haematological malignancies |