research-article

Adaptive defenses for commodity software through virtual application partitioning

Authors:

Dimitris Geneiatakis,

Georgios Portokalidis,

Vasileios P. Kemerlis,

Angelos D. KeromytisAuthors Info & Claims

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

Pages 133 - 144

https://doi.org/10.1145/2382196.2382214

Published: 16 October 2012 Publication History

Abstract

Applications can be logically separated to parts that face different types of threats, or suffer dissimilar exposure to a particular threat because of external events or innate properties of the software. Based on this observation, we propose the virtual partitioning of applications that will allow the selective and targeted application of those protection mechanisms that are most needed on each partition, or manage an application's attack surface by protecting the most exposed partition. We demonstrate the value of our scheme by introducing a methodology to automatically partition software, based on the intrinsic property of user authentication. Our approach is able to automatically determine the point where users authenticate, without access to source code. At runtime, we employ a monitor that utilizes the identified authentication points, as well as events like accessing specific files, to partition execution and adapt defenses by switching between protection mechanisms of varied intensity, such as dynamic taint analysis and instruction-set randomization. We evaluate our approach using seven well-known network applications, including the MySQL database server. Our results indicate that our methodology can accurately discover authentication points. Furthermore, we show that using virtual partitioning to apply costly protection mechanisms can reduce performance overhead by up to 5x, depending on the nature of the application.

References

[1]

P. Akritidis. Cling: A Memory Allocator to Mitigate Dangling Pointers. In Proceedings of the 19th USENIX Security Symposium (USENIX Sec), pages 177--192, 2010.

Digital Library

[2]

P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing Memory Error Exploits with WIT. In Proceedings of the $29^th$ IEEE Symposium on Security and Privacy (S&P), pages 263--277, 2008.

Digital Library

[3]

D. Bapat, K. Butler, and P. McDaniel. Towards Automated Privilege Separation. In Proceedings of the 3rd International Conference on Information Systems Security (ICISS), pages 272--276, 2007.

Digital Library

[4]

A. Bittau, P. Marchenko, M. Handley, and B. Karp. Wedge: Splitting Applications into Reduced-Privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 309--322, 2008.

Digital Library

[5]

D. Brumley and D. Song. Privtrans: Automatically Partitioning Programs for Privilege Separation. In Proceedings of the 13th USENIX Security Symposium (USENIX Sec), pages 57--72, 2004.

Digital Library

[6]

M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI), pages 147--160, 2006.

Digital Library

[7]

S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-Control-Data Attacks Are Realistic Threats. In Proceedings of the 14th USENIX Security Symposium (USENIX Sec), pages 177--192, 2005.

Digital Library

[8]

COMPUTERWORLD. Microsoft BPOS cloud service hit with data breach. http://www.computerworld.com/s/article/9202078/ Microsoft_BPOS_cloud_service_hit_with_data_breach, December 2010.

[9]

CVE. CVE-2003-0780. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0780, September 2003.

[10]

CVE. CVE-2006-6170. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170, November 2006.

[11]

CVE. CVE-2008-0226. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226, January 2008.

[12]

CVE. CVE-2009-1394. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1394, April 2009.

[13]

CVE. CVE-2009--4484. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484, December 2009.

[14]

CVE. CVE-2012--2110. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110, April 2012.

[15]

S. Designer. Getting around non-executable stack (and fix). http://seclists.org/bugtraq/1997/Aug/63, August 1997.

[16]

Dropbox. Homepage of Dropbox ™ Cloud Storage. http://www.dropbox.com, June 2012.

[17]

Facebook Developers. HipHop for PHP. https://developers.facebook.com/blog/post/2010/02/02/hiphop-for-php-move-fast/, June 2012.

[18]

GEEKOLOGIE. Disgruntled IT Administrator Commandeers San Francisco City Network, Gets Arrested, Sticks It To The Man By Refusing To Give Up Password. http://www.geekologie.com/2008/07/disgruntled_it_administrator_c.php, July 2008.

[19]

ICS-CERT. Progea Movicon Data Leakage and Denial-of-Service Vulnerability. http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf, March 2011.

[20]

V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis. libdft: Practical Dynamic Data Flow Tracking for Commodity Systems. In Proceedings of the 8th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pages 121--132, 2012.

Digital Library

[21]

D. Kilpatrick. Privman: A Library for Partitioning Applications. In Proceedings of the 2003 USENIX Annual Technical Conference (FREENIX Track), pages 273--284.

[22]

A. Krishnamurthy, A. Mettler, and D. Wagner. Fine-Grained Privilege Separation for Web Applications. In Proceedings of the 19th International World Wide Web Conference (WWW), pages 551--560, 2010.

Digital Library

[23]

M. Krohn. Building Secure High-Performance Web Services with OKWS. In Proceedings of the 2004 USENIX Annual Technical Conference (USENIX ATC), pages 185--198.

Digital Library

[24]

T. Liu, Y. Li, A. Schofield, M. Hogstrom, K. Sun, and Y. Chen. Partition-based Heap Memory Management in an Application Server. SIGOPS Operating Systems Review, 42(1):98, January 2008.

Digital Library

[25]

C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In Proceedings of the 26th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 190--200.

Digital Library

[26]

D. G. Murray and S. Hand. Privilege separation made easy: trusting small libraries not big processes. In Proceedings of the 1st European Workshop on System Security (EuroSec), pages 40--46, 2008.

Digital Library

[27]

B. C. Neuman and T. Ts'o. Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine, 32(9):33--38, September 1994.

Digital Library

[28]

J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the 12th Network and Distributed System Security Symposium (NDSS), 2005.

[29]

E. B. Nightingale, D. Peek, P. M. Chen, and J. Flinn. Parallelizing Security Checks on Commodity Hardware. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 308--318, 2008.

Digital Library

[30]

Northrop Grumman Corporation. CLOC: Count Lines of Code. http://cloc.sourceforge.net, April 2012.

[31]

G. Novark and E. D. Berger. DieHarder: Securing the Heap. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pages 573--584, 2010.

Digital Library

[32]

K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), pages 49--58, 2010.

Digital Library

[33]

V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P), pages 601--615, 2012.

Digital Library

[34]

PaX. Homepage of The PaX Team. http://pax.grsecurity.net, June 2012.

[35]

P. Porras, H. Saidi, and V. Yegneswaran. Conficker C Analysis. Technical report, SRI International, 2009.

[36]

G. Portokalidis and A. D. Keromytis. Fast and Practical Instruction-Set Randomization for Commodity Systems. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), pages 41--48, 2010.

Digital Library

[37]

N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium (USENIX Sec), pages 257--272, 2003.

Digital Library

[38]

N. Provos, M. Friedl, and P. Honeyman. Preventing Privilege Escalation. In Proceedings of the 12th USENIX Security Symposium (USENIX Sec), pages 231--242, 2003.

Digital Library

[39]

F. Qin, C. Wang, Z. Li, H.-S. Kim, Y. Zhou, and Y. Wu. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. In Proceedings of the 39th IEEE/ACM International Symposium on Microarchitecture (MICRO), pages 135--148, 2006.

Digital Library

[40]

C. Reis and S. D. Gribble. Isolating Web Programs in Modern Browser Architectures. In Proceedings of the 4th ACM European Conference on Computer Systems (EuroSys), pages 219--232, 2009.

Digital Library

[41]

J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9):1278--1308, April 1975.

[42]

H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), pages 552--561, 2007.

Digital Library

[43]

S. Sidiroglou, O. Laadan, C. R. Perez, N. Viennot, J. Nieh, and A. D. Keromytis. ASSURE: Automatic Software Self-healing Using REscue points. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 37--48, 2009.

Digital Library

[44]

D. Smørgrav. Pluggable Authentication Modules. http://www.freebsd.org/doc/en/articles/pam/, May 2012.

[45]

Sophos. Groupon subsidiary leaks 300K logins, fixes fail, fails again. http://nakedsecurity.sophos.com/2011/06/30/groupon-subsidiary-leaks-300k-logins-fixes-fail-fails-again/, June 2011.

[46]

G. E. Suh. AEGIS: A Single-Chip Secure Processor. PhD thesis, Massachusetts Institute of Technology, 2005.

Digital Library

[47]

The Register. Disgruntled admin gets 63 months for massive data deletion. http://www.theregister.co.uk/2008/06/13/it_manager_rampage_sentence/, June 2008.

[48]

The Wall Street Journal. Google Discloses Privacy Glitch. http://blogs.wsj.com/digits/2009/03/08/1214/, March 2009.

[49]

US-CERT. SSH CRC32 attack detection code contains remote integer overflow. http://www.kb.cert.org/vuls/id/945216, October 2003.

[50]

R. von Behren, J. Condit, and E. Brewer. Why Events Are A Bad Idea (for high-concurrency servers). In Proceedings of the 9th Workshop on Hot Topics in Operating Systems (HotOS), 2003.

Digital Library

[51]

R. N. M. Watson, J. Anderson, B. Laurie, and K. Kennaway. Capsicum: practical capabilities for UNIX. In Proceedings of the $19^th$ USENIX Security Symposium (USENIX Sec), pages 29--46, 2010.

Digital Library

[52]

M. Welsh, D. Culler, and E. Brewer. SEDA: An Architecture for Well-Conditioned, Scalable Internet Services. In Proceedings of the 18th ACM Symposium on Operating Systems Principles (SOSP), pages 230--243, 2001.

Digital Library

[53]

S. R. White and L. Comerford. ABYSS: An Architecture for Software Protection. IEEE Transactions of Software Engineering, 16(6):619--629, June 1990.

Digital Library

[54]

W. Xu, S. Bhatkar, and R. Sekar. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. In Proceedings of the 15th USENIX Security Symposium (USENIX Sec), page 121--136, 2006.

Digital Library

[55]

H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), pages 116--127, 2007.

Digital Library

[56]

S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Secure Program Partitioning. ACM Transactions on Computer Systems (TOCS), 20(3):283--328, August 2002.

Digital Library

[57]

D. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall. TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking. SIGOPS Operating Systems Review, 45(1):142--154, January 2011.

Digital Library

Cited By

Kumar SPanda ASarangi SBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)SecureLeaseProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3531514(29-42)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3531514
Kumar SMoolchandani DSarangi S(2022)Hardware-assisted mechanisms to enforce control flow integrityJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2022.102644130:COnline publication date: 1-Sep-2022
https://dl.acm.org/doi/10.1016/j.sysarc.2022.102644
Townley DKhasawneh KPonomarev DAbu-Ghazaleh NYu L(2019)LATCHProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358327(969-982)Online publication date: 12-Oct-2019
https://dl.acm.org/doi/10.1145/3352460.3358327
Show More Cited By

Index Terms

Adaptive defenses for commodity software through virtual application partitioning
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Identifying and Understanding Self-Checksumming Defenses in Software
CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Software self-checksumming is widely used as an anti-tampering mechanism for protecting intellectual property and deterring piracy. This makes it important to understand the strengths and weaknesses of various approaches to self-checksumming. This paper ...
Control-Flow Carrying Code
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Control-Flow Integrity~(CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention~(DEP), as an underlying ...
Application partitioning algorithms in mobile cloud computing

Mobile cloud computing (MCC) enables the development of computational intensive mobile applications by leveraging the application processing services of computational clouds. Contemporary distributed application processing frameworks use runtime ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

October 2012

1088 pages

ISBN:9781450316514

DOI:10.1145/2382196

General Chair:
Ting Yu
North Carolina State University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Virgil Gligor
Carnegie Mellon University, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 October 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'12

Sponsor:

SIGSAC

CCS'12: the ACM Conference on Computer and Communications Security

October 16 - 18, 2012

North Carolina, Raleigh, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
601
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kumar SPanda ASarangi SBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)SecureLeaseProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3531514(29-42)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3531514
Kumar SMoolchandani DSarangi S(2022)Hardware-assisted mechanisms to enforce control flow integrityJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2022.102644130:COnline publication date: 1-Sep-2022
https://dl.acm.org/doi/10.1016/j.sysarc.2022.102644
Townley DKhasawneh KPonomarev DAbu-Ghazaleh NYu L(2019)LATCHProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358327(969-982)Online publication date: 12-Oct-2019
https://dl.acm.org/doi/10.1145/3352460.3358327
Koutroumpouchos NNtantogian CMenesidou SLiang KGouvas PXenakis CGiannetsos T(2019)Secure Edge Computing with Lightweight Control-Flow Property-based Attestation2019 IEEE Conference on Network Softwarization (NetSoft)10.1109/NETSOFT.2019.8806658(84-92)Online publication date: Jun-2019
https://doi.org/10.1109/NETSOFT.2019.8806658
Koo HChen YLu LKemerlis VPolychronakis M(2018)Compiler-Assisted Code Randomization2018 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2018.00029(461-477)Online publication date: May-2018
https://doi.org/10.1109/SP.2018.00029
Pomonis MPetsios TKeromytis APolychronakis MKemerlis V(2017)kR^XProceedings of the Twelfth European Conference on Computer Systems10.1145/3064176.3064216(420-436)Online publication date: 23-Apr-2017
https://dl.acm.org/doi/10.1145/3064176.3064216
Shrivastava RHota CShrivastava P(2017)Protection against code exploitation using ROP and check-summing in IoT environment2017 5th International Conference on Information and Communication Technology (ICoIC7)10.1109/ICoICT.2017.8074641(1-6)Online publication date: May-2017
https://doi.org/10.1109/ICoICT.2017.8074641
Atamli‐Reineh APaverd APetracca GMartin A(2017)A framework for application partitioning using trusted execution environmentsConcurrency and Computation: Practice and Experience10.1002/cpe.413029:23Online publication date: 23-Apr-2017
https://doi.org/10.1002/cpe.4130
Rubinov KRosculete LMitra TRoychoudhury ADillon LVisser WWilliams L(2016)Automated partitioning of android applications for trusted execution environmentsProceedings of the 38th International Conference on Software Engineering10.1145/2884781.2884817(923-934)Online publication date: 14-May-2016
https://dl.acm.org/doi/10.1145/2884781.2884817
Geneiatakis D(2016)Minimizing Databases Attack Surface Against SQL Injection AttacksInformation and Communications Security10.1007/978-3-319-29814-6_1(1-9)Online publication date: 5-Mar-2016
https://doi.org/10.1007/978-3-319-29814-6_1
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents