Towards Mostly-Automatic, System-Wide Integrity Policy Generation

Award #: N/A
Amount Awarded: $75,000
Sponsoring Organization: Hewlett-Packard Corporation (Innovation Research Program)
Grant Period: 08/2011 - 07/2012
Primary Investigator(s): Trent Jaeger

Abstract

In this project, we aim to develop methods to identify and repair security risks in end-to-end system deployments (mostly) automatically. The aim is to build analysis tools that utility vendors can use to improve security policies for pre-configured instances to run on known utility hosts.

A key insight is that commodity MAC policies actually describe the functional requirements for the individual components, as they aim for least privilege permissions. We find that conservative information flow integrity requirements can often be inferred from system configurations, enabling methods to compare such functional requirements to information flow integrity requirements to identify system risks automatically.

However, resolving these risks is non-trivial, as we have to be careful not to block flows that provide necessary function. As a result, we accept that some systems may be accessible to adversaries, creating an attack surface that must be defended. We propose to explore automated methods to generate a system-wide MAC policy that satisfies functional requirements with a near-minimal attack surface, which utility vendors can use to pre-configure security for their end-to-end systems.
Copyright 2010 SIIS Lab