Identifying Arbitrary Memory Access Vulnerabilities in Privilege-Separated Software
نویسندگان
چکیده
Privilege separation is a widely used technique to secure complex software systems. With privilege separation, software components are divided into several partitions and these partitions can only communicate through limited interfaces. However, the interfaces still provide a channel for one partition to influence code in other partitions. As a result, certain memory access patterns can be leveraged by attackers to perform arbitrary memory access. We refer to this type of memory access errors by the acronym DUI (Dereference Under the Influence). In this paper, we present a systematic method to detect vulnerabilities leading to DUI through binary analysis, and to estimate the capability attackers can obtain through DUI exploits. The evaluation shows that our approach can accurately identify vulnerable code that leads to arbitrary memory access in real-world software components and programs, when they are transformed to privilege-separated designs.
منابع مشابه
Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA)
For over two-and-a-half decades, dating to the first widespread commercial deployment of the Internet, commodity processor architectures have failed to provide robust and secure foundations for communication and commerce. This is in large part due to the omission of architectural features allowing e cient implementation of the Principle of Least Privilege, which dictates that software runs only...
متن کاملHardening Java's Access Control by Abolishing Implicit Privilege Elevation
While the Java runtime is installed on billions of devices and servers worldwide, it remains a primary attack vector for online criminals. As recent studies show, the majority of all exploited Java vulnerabilities comprise incorrect or insufficient implementations of access-control checks. This paper for the first time studies the problem in depth. As we find, attacks are enabled by shortcuts t...
متن کاملSecuring Script-Based Extensibility in Web Browsers
Web browsers are increasingly designed to be extensible to keep up with the Web’s rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the ...
متن کاملKratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework
The Android framework utilizes a permission-based security model, which is essentially a variation of the ACL-based access control mechanism. This security model provides controlled access to various system resources. Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. In this work, we focus on inconsistent security enforcement within the ...
متن کاملWedge: Splitting Applications into Reduced-Privilege Compartments
Software vulnerabilities and bugs persist, and so exploits continue to cause significant damage, particularly by divulging users’ sensitive data to miscreants. Yet the vast majority of networked applications remain monolithically structured, in stark contravention of the ideal of least-privilege partitioning. Like others before us, we believe this state of affairs continues because today’s oper...
متن کامل