Skip to main content
SpringerLink
Log in

Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2013)

Abstract

Consumer devices are increasingly being used to perform security and privacy critical tasks. The software used to perform these tasks is often vulnerable to attacks, due to bugs in the application itself or in included software libraries. Recent work proposes the isolation of security-sensitive parts of applications into protected modules, each of which can only be accessed through a predefined public interface. But most parts of an application can be considered security-sensitive at some level, and an attacker that is able to gain in-application level access may be able to abuse services from protected modules.

We propose Salus, a Linux kernel modification that provides a novel approach for partitioning processes into isolated compartments. By enabling compartments to restrict the system calls they are allowed to perform and to authenticate their callers and callees, the impact of unsafe interfaces and vulnerable compartments is significantly reduced. We describe the design of Salus, report on a prototype implementation and evaluate it in terms of security and performance. We show that Salus provides a significant security improvement with a low performance overhead, without relying on any non-standard hardware support.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. One, A.: Smashing the stack for fun and profit. Phrack Magazine 7(49) (1996)

    Google Scholar 

  2. Erlingsson, Ú.: Low-level software security: Attacks and defenses. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2006/2007. LNCS, vol. 4677, pp. 92–134. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: EuroSec 2009, pp. 1–8. ACM (2009)

    Google Scholar 

  4. Younan, Y., Joosen, W., Piessens, F.: Code injection in c and c++: A survey of vulnerabilities and countermeasures. Technical report, KULeuven (2004)

    Google Scholar 

  5. Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G., Frantzen, M., Lokier, J.: Formatguard: automatic protection from printf format string vulnerabilities. In: SSYM 2001, p. 15. USENIX Association, Berkeley (2001)

    Google Scholar 

  6. Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: USENIX 2005, vol. 14, p. 12 (2005)

    Google Scholar 

  7. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: EuroSys 2008. ACM (April 2008)

    Google Scholar 

  8. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: SP 2010 (May 2010)

    Google Scholar 

  9. Azab, A., Ning, P., Zhang, X.: Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: CCS 2011, pp. 375–388. ACM (2011)

    Google Scholar 

  10. Strackx, R., Piessens, F.: Fides: Selectively hardening software application components against kernel-level or process-level malware. In: CCS 2012 (October 2012)

    Google Scholar 

  11. Noorman, J., Agten, P., Daniels, W., Strackx, R., Herrewege, A.V., Huygens, C., Preneel, B., Verbauwhede, I., Piessens, F.: Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In: Proceedings of the 22nd USENIX Security Symposium (2013)

    Google Scholar 

  12. Agten, P., Strackx, R., Jacobs, B., Piessens, F.: Secure compilation to modern processors. In: CSF 2012, pp. 171–185. IEEE Computer Society (2012)

    Google Scholar 

  13. Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing tcb complexity for security-sensitive applications: three case studies. In: EuroSys 2006 (2006)

    Google Scholar 

  14. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. ACM SIGOPS 37(5) (2003)

    Google Scholar 

  15. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  16. Watson, R.N., Anderson, J., Laurie, B., Kennaway, K.: Capsicum: practical capabilities for unix. In: USENIX Security (2010)

    Google Scholar 

  17. Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Computers & Security 11(1), 75–89 (1992)

    Article  Google Scholar 

  18. Hoogstraten, H., Prins, R., Niggebrugge, D., Heppener, D., Groenewegen, F., Wettinck, J., Strooy, K., Arends, P., Pols, P., Kouprie, R., Moorrees, S., van Pelt, X., Hu, Y.Z.: Black tulip - report of the investigation into the diginotar certificate authority breach. Technical report, FoxIT (2012)

    Google Scholar 

  19. Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., Joosen, W.: Paricheck: an efficient pointer arithmetic checker for c programs. In: ASIACCS 2010, pp. 145–156. ACM, New York (2010)

    Google Scholar 

  20. Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In: USENIX 2009 (2009)

    Google Scholar 

  21. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: CCS 2007, pp. 552–561. ACM (2007)

    Google Scholar 

  22. Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: CCS 2010, pp. 559–572. ACM, New York (2010)

    Google Scholar 

  23. Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: USENIX 2003 (2003)

    Google Scholar 

  24. Jacobs, B., Piessens, F.: The VeriFast program verifier (2008)

    Google Scholar 

  25. Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  26. Liedtke, J.: Toward Real Microkernels. Communications of the ACM 39(9) (1996)

    Google Scholar 

  27. Yee, B., et al.: Native client: A sandbox for portable, untrusted x86 native code. In: SP 2009, pp. 79–93. IEEE (2009)

    Google Scholar 

  28. Sehr, D., et al.: Adapting software fault isolation to contemporary cpu architectures. In: USENIX Security Symposium (2010)

    Google Scholar 

  29. Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles, SOSP 1993, pp. 203–216. ACM, New York (1993)

    Chapter  Google Scholar 

  30. Strackx, R., Piessens, F., Preneel, B.: Efficient Isolation of Trusted Subsystems in Embedded Systems. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 344–361. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, 3001, Heverlee, Belgium

    Niels Avonds, Raoul Strackx, Pieter Agten & Frank Piessens

Authors
  1. Niels Avonds
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raoul Strackx
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pieter Agten
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Frank Piessens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing and Mathematics, Charles Sturt University, Wagga Wagga, NSW, Australia

    Tanveer Zia

  2. School of Information Technologies, University of Sydney, Darlington, NSW, Australia

    Albert Zomaya

  3. Department of Computing, Macquarie University, Australia, Australia

    Vijay Varadharajan

  4. Department of EECS, University of Michigan, Ann Arbor, MI, USA

    Morley Mao

Rights and permissions

Reprints and permissions

Copyright information

© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Avonds, N., Strackx, R., Agten, P., Piessens, F. (2013). Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04283-1_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04282-4

  • Online ISBN: 978-3-319-04283-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation