Fine-grained Program Partitioning for Security
EUROSYS(2021)
Abstract
Complex software systems are often not designed with the principle of least privilege, which requires each component be given the minimum amount of privileges to function. As a result, software vulnerabilities in less privileged code can lead to privilege escalation, defeating security and privacy. Privilege separation is the process of automatically partitioning a software system into least privileged components, and we argue that it is effective at reducing the attack surface. However, previous privilege-separation systems do not provide fine-grained separation of privileged code and non-privileged code co-existing in the same function for C/C++ applications. We propose a fine-grained partitioning technique for supporting fine-grained separation in automatic program partitioning. The technique has been applied to a set of security-sensitive networking and interactive programs. Results show that it can automatically generate executable partitions for C applications; further, partitioned programs incur acceptable runtime overheads.
Keywords
software security, program partitioning, principle of least privilege, program analysis