University of Cambridge > > Computer Laboratory Security Seminar > Protecting Programs During Resource Retrieval

Protecting Programs During Resource Retrieval

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Laurent Simon.

Abstract: Programs must retrieve many system resources to execute properly, but there are several classes of vulnerabilities that may befall programs during resource retrieval. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: adversaries may control the inputs used to build names, namespaces used to find the target resources, and the target resources themselves to trick victim programs to retrieve resources of the adversaries’ choosing. In this talk, I will present a system mechanism, called the Process Firewall, that protects programs from vulnerabilities during resource retrieval by introspecting into running programs to enforce context-specific rules. Our key insight is that using introspection to prevent such vulnerabilities is safe because we only aim to protect processes, relying on access control to confine malicious processes. I will show that the Process Firewall can prevent many types of vulnerabilities during resource retrieval, including those involving race conditions. I will also show how to perform such introspection and enforcement efficiently, incurring much lower overhead than equivalent program defenses. Finally, I will describe a conceptual model that describes the conditions for safe resource retrieval, and outline how to produce enforceable rules from that model. By following this model, we find that the Process Firewall mechanism can prevent many vulnerabilities during resource retrieval without causing false positives.

Bio: Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security Lab. Trent’s research interests include systems security and the application of programming language techniques to improve security. He has published over 100 referreed papers on these topics and the book “Operating Systems Security,” which examines the principles behind secure operating systems designs. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, SELinux, integrity measurement in Linux, and the Xen security architecture. He is currently the Chair of the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) and Program Chair of ASIACCS 2014 . Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively, and spent nine years at IBM Research prior to joining Penn State.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2023, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity