Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Capability-Based Computer Systems
Capability-Based Computer Systems
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
A Flexible Containment Mechanism for Executing Untrusted Code
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
POLUS: A POwerful Live Updating System
ICSE '07 Proceedings of the 29th international conference on Software Engineering
RaceGuard: kernel protection from temporary file race vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Fixing races for fun and profit: how to use access(2)
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Fixing races for fun and profit: how to abuse atime
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Portably solving file TOCTTOU races with hardness amplification
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Exploiting Unix File-System Races via Algorithmic Complexity Attacks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Operating system integrity in OS/VS2
IBM Systems Journal
Capsicum: practical capabilities for UNIX
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Environment-sensitive intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Safe Loading - A Foundation for Secure Execution of Untrusted Programs
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Integrity walls: finding attack surfaces from mandatory access control policies
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
| Hi-index | 0.00 |
Processes retrieve a variety of resources from the operating system in order to execute properly, but adversaries have several ways to trick processes into retrieving resources of the adversaries' choosing. Such resource access attacks use name resolution, race conditions, and/or ambiguities regarding which resources are controlled by adversaries, accounting for 5-10% of CVE entries over the last four years. programmers have found these attacks extremely hard to eliminate because resources are managed externally to the program, but the operating system does not provide a sufficiently rich system-call API to enable programs to block such attacks. In this paper, we present the Process Firewall, a kernel mechanism that protects processes in manner akin to a network firewall for the system-call interface. Because the Process Firewall only protects processes -- rather than sandboxing them -- it can examine their internal state to identify the protection rules necessary to block many of these attacks without the need for program modification or user configuration. We built a prototype Process Firewall for Linux demonstrating: (1) the prevention of several vulnerabilities, including two that were previously-unknown; (2) that this defense can be provided system-wide for less than 4% overhead in a variety of macrobenchmarks; and (3) that it can also improve program performance, shown by Apache handling 3-8% more requests when program resource access checks are replaced by Process Firewall rules. These results show that it is practical for the operating system to protect processes by preventing a variety of resource access attacks system-wide.