Paladin: Helping Programs Help Themselves with System Call Interposition

Today’s programs run in hostile environments. An adversary attacking a running process may radically alter the program’s course of execution. Such attacks will be of little value to the adversary unless he can cause the program to affect the outside world by executing a system call. A fruitful line of research on system call interposition has investigated using security checks on system calls to harden computer systems. We propose a novel system call interposition system called Paladin. In Paladin system call accesscontrol decisions are made by policy handlers, i.e. reference monitor procedures, built into applications. This represents a fundamental perspective shift from previous system call interposition work. Paladin provides a mechanism with which developers harden their own software against attacks from a hostile execution environment. In contrast, previous system call interposition systems attempt to protect computers from untrusted application binaries. In such systems, polices are external to the application and written by third parties.