DOI: 10.1145/3144555.3144563
Research article (open access)

Towards Fine-grained, Automated Application Compartmentalization

Published: 28 October 2017

    Abstract

    The rise of language-specific, third-party packages simplifies application development. However, relying on untrusted code poses a threat to security and reliability.
    In this work, we propose exploiting module boundaries, and the general trend towards more and smaller modules, to achieve fine-grained compartmentalization. Automated transformations can hide compartment boundaries and minimize developer effort. Optional policy expressions can decouple security assumptions at development time from requirements during composition and runtime. Using JavaScript's flourishing ecosystem, we discuss a wide range of risks and sketch how the use of language-level solutions coupled with systemic mechanisms can protect against them.


    Published In

    PLOS '17: Proceedings of the 9th Workshop on Programming Languages and Operating Systems
    October 2017
    62 pages
    ISBN:9781450351539
    DOI:10.1145/3144555
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Compartmentalization
    2. Least-Privilege Separation
    3. Modules
    4. Packages
    5. Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SOSP '17

    Acceptance Rates

    Overall Acceptance Rate 17 of 32 submissions, 53%

    Article Metrics

    • Downloads (Last 12 months)131
    • Downloads (Last 6 weeks)20
    Reflects downloads up to 11 Aug 2024

    Cited By

    • (2023) SecureCells: A Secure Compartmentalized Architecture. 2023 IEEE Symposium on Security and Privacy (SP), 2921-2939. https://doi.org/10.1109/SP46215.2023.10179472 (published May 2023)
    • (2022) OPEC. Proceedings of the Seventeenth European Conference on Computer Systems, 317-333. https://doi.org/10.1145/3492321.3519573 (published 28 March 2022)
    • (2022) AutoSlicer: Automatic Program Partitioning for Securing Sensitive Data Based-on Data Dependency Analysis and Code Refactoring. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 239-247. https://doi.org/10.1109/TrustCom56396.2022.00042 (published December 2022)
    • (2019) Active learning for software engineering. Proceedings of the 2019 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software, 62-78. https://doi.org/10.1145/3359591.3359732 (published 23 October 2019)
