ABSTRACT
Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems, forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide the necessary defenses at these entry points before adversaries use them to compromise the program. Unfortunately, this is a race that developers often lose. While some vulnerable program entry points are well known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so that defenses at these entry points can also be developed proactively.
Index Terms
- Integrity walls: finding attack surfaces from mandatory access control policies