poster

Poster: Shielding AppSPEAR - Enhancing Memory Safety for Trusted Application-level Security Policy Enforcement

Author:

Marius SchlegelAuthors Info & Claims

SACMAT '21: Proceedings of the 26th ACM Symposium on Access Control Models and Technologies

Pages 99 - 101

https://doi.org/10.1145/3450569.3464396

Published: 11 June 2021 Publication History

Get Access

Abstract

This paper tackles the problem of memory-safe implementation of the AppSPEAR framework for application-level security policy enforcement. We contribute with a feasibility study that demonstrates the performance overhead of applying Rust's memory safety features on top of SGX trusted execution technology.

References

[1]

James P. Anderson. 1972. Computer Security Technology Planning Study. Rep. ESD-TR-73--51.

Google Scholar

[2]

Jinfu Chen, Weiyi Shang, Ahmed E. Hassan, Yong Wang, and Jiangbin Lin. 2019. An Experience Report of Generating Load Tests Using Log-recovered Workloads at Varying Granularities of User Behaviour. In ASE '19.

Digital Library

Google Scholar

[3]

David Ferraiolo, Ramaswamy Chandramouli, Rick Kuhn, and Vincent Hu. 2016. Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC). In ABAC '16.

Digital Library

Google Scholar

[4]

Intel Corp. 2019. Intel® SGX. https://software.intel.com/en-us/sgx.

Google Scholar

[5]

Peter A. Loscocco and Stephen D. Smalley. 2001. Integrating Flexible Support for Security Policies into the Linux Operating System. In ATC '01.

Google Scholar

[6]

Nicholas D. Matsakis and Felix S. Klock. 2014. The Rust Language. In HILT '14.

Google Scholar

[7]

OpenMRS Inc. 2020. https://wiki.openmrs.org/display/RES/Demo+Data.

Google Scholar

[8]

Marius Schlegel. 2021. Trusted Enforcement of Application-specific Security Policies .arxiv: 2105.01970

Google Scholar

[9]

Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, and Zhiqiang Lin. 2019. Towards Memory Safe Enclave Programming with Rust-SGX. In CCS '19.

Google Scholar

[10]

Robert N. M. Watson. 2013. A Decade of OS Access-control Extensibility. ACM Queue, Vol. 11, 1 (2013).

Google Scholar

Cited By

View all

Schlegel M(2023)Trusted Implementation and Enforcement of Application Security PoliciesE-Business and Telecommunications10.1007/978-3-031-36840-0_16(362-388)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-3-031-36840-0_16
Schlegel MAmthor P(2023)Putting the Pieces Together: Model-Based Engineering Workflows for Attribute-Based Access Control PoliciesE-Business and Telecommunications10.1007/978-3-031-36840-0_12(249-280)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-3-031-36840-0_12
Penelova M(2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.2478/cait-2021-0044

Index Terms

Poster: Shielding AppSPEAR - Enhancing Memory Safety for Trusted Application-level Security Policy Enforcement
1. Security and privacy
  1. Security services
    1. Access control
  2. Software and application security

Recommendations

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

This paper analyzes the vulnerability space arising in Trusted Execution Environments (TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious code. Considerable research and industry effort has gone into developing ...
An Analysis of the Rust Programming Practice for Memory Safety Assurance
Web Information Systems and Applications
Abstract
Memory safety is a critical concern in software development, as related issues often lead to program crashes, vulnerabilities, and security breaches, leading to severe consequences for applications and systems. This paper provides a detailed ...
Validating Memory Safety in Rust Binaries
EuroSec '24: Proceedings of the 17th European Workshop on Systems Security

Without depending on heavy runtime support, Rust can realize fast machine code that mitigates most of the common attacks associated with memory-corruption and can appear in all unsafe machine code developed using C/C++. Most of the work for producing ...

Comments

Information & Contributors

Information

Published In

SACMAT '21: Proceedings of the 26th ACM Symposium on Access Control Models and Technologies

June 2021

194 pages

ISBN:9781450383653

DOI:10.1145/3450569

General Chair:
Jorge Lobo
ICREA & Universitat Pompeu Fabra, Spain
,
Program Chairs:
Roberto Di Pietro
Hamad Bin Khalifa University
,
Omar Chowdhury
The University of Iowa

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2021

Check for updates

Author Tags

Qualifiers

Poster

Conference

SACMAT '21

Sponsor:

SIGSAC

SACMAT '21: The 26th ACM Symposium on Access Control Models and Technologies

June 16 - 18, 2021

Virtual Event, Spain

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
217
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Schlegel M(2023)Trusted Implementation and Enforcement of Application Security PoliciesE-Business and Telecommunications10.1007/978-3-031-36840-0_16(362-388)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-3-031-36840-0_16
Schlegel MAmthor P(2023)Putting the Pieces Together: Model-Based Engineering Workflows for Attribute-Based Access Control PoliciesE-Business and Telecommunications10.1007/978-3-031-36840-0_12(249-280)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-3-031-36840-0_12
Penelova M(2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.2478/cait-2021-0044

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes

An Analysis of the Rust Programming Practice for Memory Safety Assurance

Validating Memory Safety in Rust Binaries

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations