Fine-grained Program Partitioning for Security

Zhen Huang, Trent Jaeger, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Complex software systems are often not designed with the principle of least privilege, which requires each component be given the minimum amount of privileges to function. As a result, software vulnerabilities in less privileged code can lead to privilege escalation, defeating security and privacy. Privilege separation is the process of automatically partitioning a software system into least privileged components, and we argue that it is effective at reducing the attack surface. However, previous privilege-separation systems do not provide fine-grained separation of privileged code and non-privileged code co-existing in the same function for C/C++ applications. We propose a fine-grained partitioning technique for supporting fine-grained separation in automatic program partitioning. The technique has been applied to a set of security-sensitive networking and interactive programs. Results show that it can automatically generate executable partitions for C applications; further, partitioned programs incur acceptable runtime overheads.

Original languageEnglish (US)
Title of host publicationEuroSec 2021 - Proceedings of the 14th European Workshop on Systems
PublisherAssociation for Computing Machinery, Inc
Pages21-26
Number of pages6
ISBN (Electronic)9781450383370
DOIs
StatePublished - Apr 26 2021
Event14th European Workshop on Systems, EuroSec 2021 - Virtual, Online, United Kingdom
Duration: Apr 26 2021 → …

Publication series

NameEuroSec 2021 - Proceedings of the 14th European Workshop on Systems

Conference

Conference14th European Workshop on Systems, EuroSec 2021
Country/TerritoryUnited Kingdom
CityVirtual, Online
Period4/26/21 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this