Abstract
Operating systems provide a wide variety of resource isolation and access control mechanisms, ranging from traditional user-based security models to fine-grained permission systems as found in modern mobile operating systems. However, comparatively little assistance is available for defining and enforcing access control policies within multi-user applications. These applications, often found in enterprise environments, allow multiple users to operate at different privilege levels in terms of exercising application functionality and accessing data. Developers of such applications bear a heavy burden in ensuring that security policies over code and data in this setting are properly expressed and enforced.
We present Trellis, an approach for expressing hierarchical access control policies in applications and enforcing these policies during execution. The approach enhances the development toolchain to allow programmers to partially annotate code and data with simple privilege level tags, and uses a static analysis to infer suitable tags for the entire application. At runtime, policies are extracted from the resulting binaries and are enforced by a modified operating system kernel. Our evaluation demonstrates that this approach effectively supports the development of secure multi-user applications with modest runtime performance overhead.
Acknowledgments
We would like to thank our shepherd Vasileios P. Kemerlis for his helpful feedback. This work was supported by the National Science Foundation (NSF) under grant CNS-1409738, and Secure Business Austria.
© 2016 Springer International Publishing Switzerland
Cite this paper
Mambretti, A. et al. (2016). Trellis: Privilege Separation for Multi-user Applications Made Easy. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2016. Lecture Notes in Computer Science, vol 9854. Springer, Cham. https://doi.org/10.1007/978-3-319-45719-2_20
DOI: https://doi.org/10.1007/978-3-319-45719-2_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45718-5
Online ISBN: 978-3-319-45719-2
eBook Packages: Computer Science (R0)