DOI: 10.1145/2523649.2523655
Research article

A portable user-level approach for system-wide integrity protection

Published: 09 December 2013

Abstract

In this paper, we develop an approach for protecting system integrity from untrusted code that may harbor sophisticated malware. We develop a novel dual-sandboxing architecture to confine not only untrusted, but also benign processes. Our sandboxes place only a few restrictions, thereby permitting most applications to function normally. Our implementation is performed entirely at the user-level, requiring no changes to the kernel. This enabled us to port the system easily from Linux to BSD. Our experimental results show that our approach preserves the usability of applications, while offering strong protection and good performance. Moreover, policy development is almost entirely automated, sparing users and administrators this cumbersome and difficult task.

Information & Contributors

Information

Published In

ACSAC '13: Proceedings of the 29th Annual Computer Security Applications Conference
December 2013
374 pages
ISBN: 9781450320153
DOI: 10.1145/2523649
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 December 2013

Qualifiers

  • Research-article

Conference

ACSAC '13
Sponsor:
  • ACSA
ACSAC '13: Annual Computer Security Applications Conference
December 9 - 13, 2013
Louisiana, New Orleans, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 4
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 09 Nov 2024

Cited By

  • (2020) Information Flow. Proceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation, pp. 1-2. DOI: 10.1145/3411502.3418421. Online publication date: 13-Nov-2020
  • (2020) Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics. 2020 IEEE Symposium on Security and Privacy (SP), pp. 1139-1155. DOI: 10.1109/SP40000.2020.00064. Online publication date: May-2020
  • (2017) Security importance assessment for system objects and malware detection. Computers and Security 68:C, pp. 47-68. DOI: 10.1016/j.cose.2017.02.009. Online publication date: 1-Jul-2017
  • (2015) Provenance-based Integrity Protection for Windows. Proceedings of the 31st Annual Computer Security Applications Conference, pp. 211-220. DOI: 10.1145/2818000.2818011. Online publication date: 7-Dec-2015
  • (2015) Defeating Kernel Driver Purifier. Security and Privacy in Communication Networks, pp. 116-134. DOI: 10.1007/978-3-319-28865-9_7. Online publication date: 2015
  • (2015) Probabilistic Inference on Integrity for Access Behavior Based Malware Detection. Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404, pp. 155-176. DOI: 10.1007/978-3-319-26362-5_8. Online publication date: 2-Nov-2015
  • (2014) Centrality metrics of importance in access behaviors and malware detections. Proceedings of the 30th Annual Computer Security Applications Conference, pp. 376-385. DOI: 10.1145/2664243.2664286. Online publication date: 8-Dec-2014
  • (2014) Comprehensive integrity protection for desktop linux. Proceedings of the 19th ACM symposium on Access control models and technologies, pp. 89-92. DOI: 10.1145/2613087.2613112. Online publication date: 25-Jun-2014
  • (2014) Towards more usable information flow policies for contemporary operating systems. Proceedings of the 19th ACM symposium on Access control models and technologies, pp. 75-84. DOI: 10.1145/2613087.2613110. Online publication date: 25-Jun-2014
  • (2014) Practical Assessment of Biba Integrity for TCG-Enabled Platforms. Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 495-504. DOI: 10.1109/TrustCom.2014.63. Online publication date: 24-Sep-2014
