Process Firewall: Protect Processes from Resource Access AttacksPrograms require a variety of resources from the system to function, e.g., a web server may need HTML files to serve HTTP requests. However, adversaries can try to trick victim programs into accessing malicious resources. For example, when a victim program wants to read from a file in
We find that such problems are caused because of a disconnect between programmers who write code and OS distributors/administrators who frame system access control policies/configurations. To solve this problem, we developed Process Firewall - a mechanism that can inspect both the program and the system - to protect resource access. It bridges the gap between programs and the deployed system with a broader view and finer controls on resource accesses. It is modular and extensible to protect against new vulnerability classes.
We identify two specific causes for resource access vulnerabilities: (1) mismatches in expectations of adversary control of names and bindings between the program and the deployment and (2) insufficient filtering on adversary-controlled resource accesses. To combat the resource access attacks, we infer program's implicit expectations on resource accesses in an automatic way and enforce these "expectations" comprehensively using Process Firewall at runtime. For example, we use the following rule template to protect processes from unexpected adversary control:
Findings. Programmers have a lot of implicit expectations that are not conveyed to OS distributors/administrators (55% resource accesses are assumed to be safe). We show how single Process Firewall rules can block entire classes of vulnerabilities, and how we could generate rules in a principled way to harden programs without requiring programmer or OS distributor/administrator effort in our JIGSAW paper. All this for a performance overhead macro-benchmarks 2-8%. In addition, we can actually improve performance by replacing program checks with Process Firewall rules: Apache's requests per second are improved by 5-8%.
How the Process Firewall works?
Please contact Hayawardh Vijayakumar for questions about Process Firewall.
We gratefully acknowledge support from NSF grant NSF-0905343 and AFOSR grant FA9550-12-1-8166
We would like to thank GrammaTech, Inc (www.grammatech.com) for providing their product CodeSurfer. We use CodeSurfer to evaluate our work. CodeSurfer is a tool to analyze deep structure of any compiled program. It provides APIs to access different elements of intermediate representation of the compiled program. In our work, we need to find filter functions. In order to verify our results of identifying filter functions we use CodeSurfer.
INSR | SIIS | CSE | Penn State | Copyright 2014 SIIS Lab