TY - GEN
T1 - A rose by any other name or an insane root? Adventures in name resolution
AU - Vijayakumar, Hayawardh
AU - Schiffman, Joshua
AU - Jaeger, Trent
PY - 2012
Y1 - 2012
N2 - Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolution process. Adversaries can trick programs into accessing unintended resources by changing the binding between names and resources and by using names whose target resources are ambiguous. In this paper, we explore whether a unified system approach may be found to prevent many name resolution attacks. For this, we examine attacks on various namespaces and use these to derive invariants to defend against these attacks. Four prior techniques are identified that enforce aspects of name resolution, so we explore how these techniques address the proposed invariants. We find that each of these techniques are incomplete in themselves, but a combination could provide effective enforcement of the invariants. We implement a prototype system that can implement these techniques for the Linux file system namespace, and show that invariant rules specific to each, individual program system call can be enforced with a small overhead (less than 3%), indicating that fine-grained name resolution enforcement may be practical.
AB - Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolution process. Adversaries can trick programs into accessing unintended resources by changing the binding between names and resources and by using names whose target resources are ambiguous. In this paper, we explore whether a unified system approach may be found to prevent many name resolution attacks. For this, we examine attacks on various namespaces and use these to derive invariants to defend against these attacks. Four prior techniques are identified that enforce aspects of name resolution, so we explore how these techniques address the proposed invariants. We find that each of these techniques are incomplete in themselves, but a combination could provide effective enforcement of the invariants. We implement a prototype system that can implement these techniques for the Linux file system namespace, and show that invariant rules specific to each, individual program system call can be enforced with a small overhead (less than 3%), indicating that fine-grained name resolution enforcement may be practical.
UR - http://www.scopus.com/inward/record.url?scp=84872234712&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84872234712&partnerID=8YFLogxK
U2 - 10.1109/EC2ND.2011.17
DO - 10.1109/EC2ND.2011.17
M3 - Conference contribution
AN - SCOPUS:84872234712
SN - 9780769547626
T3 - Proceedings - 2011 7th European Conference on Computer Network Defense, EC2ND 2011
SP - 1
EP - 8
BT - Proceedings - 2011 7th European Conference on Computer Network Defense, EC2ND 2011
T2 - 2011 7th European Conference on Computer Network Defense, EC2ND 2011
Y2 - 6 September 2011 through 7 September 2011
ER -