Process firewalls: Protecting processes during resource access

Hayawardh Vijayakumar, Joshua Schiffman, Trent Ray Jaeger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Processes retrieve a variety of resources from the operating system in order to execute properly, but adversaries have several ways to trick processes into retrieving resources of the adversaries' choosing. Such resource access attacks use name resolution, race conditions, and/or ambiguities regarding which resources are controlled by adversaries, accounting for 5-10% of CVE entries over the last four years. Programmers have found these attacks extremely hard to eliminate because resources are managed externally to the program, but the operating system does not provide a sufficiently rich system-call API to enable programs to block such attacks. In this paper, we present the Process Firewall, a kernel mechanism that protects processes in a manner akin to a network firewall for the system-call interface. Because the Process Firewall only protects processes - rather than sandboxing them - it can examine their internal state to identify the protection rules necessary to block many of these attacks without the need for program modification or user configuration. We built a prototype Process Firewall for Linux demonstrating: (1) the prevention of several vulnerabilities, including two that were previously unknown; (2) that this defense can be provided system-wide for less than 4% overhead in a variety of macrobenchmarks; and (3) that it can also improve program performance, shown by Apache handling 3-8% more requests when program resource access checks are replaced by Process Firewall rules. These results show that it is practical for the operating system to protect processes by preventing a variety of resource access attacks system-wide.

Original language: English (US)
Title of host publication: Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013
Pages: 57-70
Number of pages: 14
DOIs: https://doi.org/10.1145/2465351.2465358
State: Published - May 17 2013
Event: 8th ACM European Conference on Computer Systems, EuroSys 2013 - Prague, Czech Republic
Duration: Apr 15 2013 to Apr 17 2013

Publication series

Name: Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013

Other

Other: 8th ACM European Conference on Computer Systems, EuroSys 2013
Country: Czech Republic
City: Prague
Period: 4/15/13 to 4/17/13

Fingerprint

Hazards and race conditions
Application programming interfaces (API)
Linux

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Electrical and Electronic Engineering

Cite this

Vijayakumar, H., Schiffman, J., & Jaeger, T. R. (2013). Process firewalls: Protecting processes during resource access. In Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013 (pp. 57-70). (Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013). https://doi.org/10.1145/2465351.2465358
@inproceedings{b7b751bfcf9f4f27b4b67111d4fc02db,
title = "Process firewalls: Protecting processes during resource access",
author = "Hayawardh Vijayakumar and Joshua Schiffman and Jaeger, {Trent Ray}",
year = "2013",
month = "5",
day = "17",
doi = "10.1145/2465351.2465358",
language = "English (US)",
isbn = "9781450319942",
series = "Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013",
pages = "57--70",
booktitle = "Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013",

}
