Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Labels and event processes in the Asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Make least privilege a right (not a privilege)
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Analyzing security architectures
Proceedings of the IEEE/ACM international conference on Automated software engineering
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Capsicum: practical capabilities for UNIX
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Structuring protocol implementations to protect sensitive data
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Proceedings of the 18th ACM conference on Computer and communications security
A taste of Capsicum: practical capabilities for UNIX
Communications of the ACM
Secure programming via visibly pushdown safety games
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
An evaluation of the Google Chrome extension security architecture
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Privilege separation in HTML5 applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Adaptive defenses for commodity software through virtual application partitioning
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Dune: safe user-level access to privileged CPU features
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Partitioning applications for hybrid and federated clouds
CASCON '12 Proceedings of the 2012 Conference of the Center for Advanced Studies on Collaborative Research
Lightweight snapshots and system-level backtracking
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Towards reducing the attack surface of software backdoors
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A versatile code execution isolation framework with security first
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Bringing Java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
Software vulnerabilities and bugs persist, and so exploits continue to cause significant damage, particularly by divulging users' sensitive data to miscreants. Yet the vast majority of networked applications remain monolithically structured, in stark contravention of the ideal of least-privilege partitioning. Like others before us, we believe this state of affairs continues because today's operating systems offer isolation primitives that are cumbersome. We present Wedge, a system well suited to the splitting of complex, legacy, monolithic applications into fine-grained, least-privilege compartments. Wedge consists of two synergistic parts: OS primitives that create compartments with default-deny semantics, which force the programmer to make compartments' privileges explicit; and Crowbar, a pair of run-time analysis tools that assist the programmer in determining which code needs which privileges for which memory objects. By implementing the Wedge system atop Linux, and applying it to the SSL-enabled Apache web server and the OpenSSH login server, we demonstrate that Wedge allows fine-grained compartmentalization of applications to prevent the leakage of sensitive data, at acceptable performance cost. We further show that Wedge is powerful enough to prevent a subtle man-in-the-middle attack that succeeds on a more coarsely privilege-separated Apache web server.