A rose by any other name or an insane root? Adventures in name resolution

Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolution process. Adversaries can trick programs into accessing unintended resources by changing the binding between names and resources and by using names whose target resources are ambiguous. In this paper, we explore whether a unified system approach may be found to prevent many name resolution attacks. For this, we examine attacks on various namespaces and use these to derive invariants to defend against these attacks. Four prior techniques are identified that enforce aspects of name resolution, so we explore how these techniques address the proposed invariants. We find that each of these techniques is incomplete in itself, but a combination could provide effective enforcement of the invariants. We implement a prototype system that can implement these techniques for the Linux file system namespace, and show that invariant rules specific to each individual program system call can be enforced with a small overhead (less than 3%), indicating that fine-grained name resolution enforcement may be practical.

Original language: English (US)
Title of host publication: Proceedings - 2011 7th European Conference on Computer Network Defense, EC2ND 2011
Pages: 1-8
Number of pages: 8
State: Published - Dec 1 2012
Event: 2011 7th European Conference on Computer Network Defense, EC2ND 2011 - Gothenburg, Sweden
Duration: Sep 6 2011 to Sep 7 2011

Publication series

Name: Proceedings - 2011 7th European Conference on Computer Network Defense, EC2ND 2011

Other

Other: 2011 7th European Conference on Computer Network Defense, EC2ND 2011
Country: Sweden
City: Gothenburg
Period: 9/6/11 to 9/7/11

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
