Wedge: Splitting Applications into Reduced-Privilege Compartments
Abstract:
Software vulnerabilities and bugs persist, and so exploits continue to cause significant damage, particularly by divulging users' sensitive data to miscreants. Yet the vast majority of networked applications remain monolithically structured, in stark contravention of the ideal of least-privilege partitioning. Like others before us, we believe this state of affairs continues because today's operating systems offer isolation primitives that are cumbersome. We present Wedge, a system well suited to the splitting of complex, legacy, monolithic applications into fine-grained, least-privilege compartments. Wedge consists of two synergistic parts: OS primitives that create compartments with default-deny semantics, which force the programmer to make compartments' privileges explicit; and Crowbar, a pair of run-time analysis tools that assist the programmer in determining which code needs which privileges for which memory objects. By implementing the Wedge system atop Linux, and applying it to the SSL-enabled Apache web server and the OpenSSH login server, we demonstrate that Wedge allows fine-grained compartmentalization of applications to prevent the leakage of sensitive data, at acceptable performance cost. We further show that Wedge is powerful enough to prevent a subtle man-in-the-middle attack that succeeds on a more coarsely privilege-separated Apache web server.
BibTeX
@inproceedings {268265,
author = {Andrea Bittau and Petr Marchenko and Mark Handley and Brad Karp},
title = {Wedge: Splitting Applications into {Reduced-Privilege} Compartments},
booktitle = {5th USENIX Symposium on Networked Systems Design and Implementation (NSDI 08)},
year = {2008},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/nsdi-08/wedge-splitting-applications-reduced-privilege-compartments},
publisher = {USENIX Association},
month = apr
}