Between mutual trust and mutual distrust: Practical fine-grained privilege separation in multithreaded applications

Jun Wang, Xi Xiong, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

Threads in a multithreaded process share the same address space and thus are implicitly assumed to be mutually trusted. However, one (compromised) thread attacking another is a real-world threat. It remains challenging to achieve privilege separation for multithreaded applications so that the compromise or malfunction of one thread does not lead to data contamination or data leakage in other threads. The Arbiter system proposed in this paper explores the solution space. In particular, we find that page table protection bits can be leveraged to do efficient reference monitoring if data objects with the same accessibility stay in the same page. We design and implement Arbiter, which consists of a new memory allocation mechanism, a policy manager, and a set of APIs. Programmers specify the security policy by annotating the source code. We apply Arbiter to three applications, an in-memory key/value store, a web server, and a userspace file system, and show how they benefit from Arbiter in terms of security. Our experiments on the three applications show that Arbiter reduces application throughput by less than 10% and increases CPU utilization by 1.37-1.55×.
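The central observation in the abstract, that page table protection bits can do the access check only if objects with the same accessibility share pages, is worth seeing in working code. What follows is an added example, not code from the paper or the Arbiter project: a label-grouped bump allocator that gives every data label its own page-aligned arena, and a toy reference monitor that treats a switch of the running principal as reprogramming the protection bits of each arena with mprotect() from a policy matrix. The label names (L_PRIVATE, L_SHARED), the principals (P_OWNER, P_UNTRUSTED), the policy matrix and the one-page arena size are all constructed for the example. The model is deliberately single-threaded: in a real multithreaded process mprotect() changes the page tables shared by every thread, so this only illustrates the per-page check, not the mechanism the paper uses to give different threads different views. It runs on Linux and macOS.

```c
/* Added example, not Arbiter's own code: label-grouped allocator plus page-protection
 * reference monitor. Objects sharing a label share pages; mprotect() does the check. */
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed labels, principals and policy matrix: who may do what to which label. */
enum { L_PRIVATE = 0, L_SHARED = 1, NLABELS = 2 };
enum { P_OWNER = 0, P_UNTRUSTED = 1, NPRINCIPALS = 2 };
static const int policy[NPRINCIPALS][NLABELS] = {
    [P_OWNER]     = { PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE },
    [P_UNTRUSTED] = { PROT_NONE,              PROT_READ },
};
#define ARENA_PAGES 1           /* pages per label arena (assumption) */
static size_t page_size;
static uint8_t *arena[NLABELS]; /* one page-aligned arena per label */
static size_t used[NLABELS];

/* Map one arena per label. Returns 0 on success, -1 if mmap fails. */
int arbiter_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    for (int l = 0; l < NLABELS; l++) {
        arena[l] = mmap(NULL, page_size * ARENA_PAGES, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (arena[l] == MAP_FAILED) return -1;
        used[l] = 0;
    }
    return 0;
}

/* Bump-allocate `size` bytes under `label`. Each label has its own arena, so
 * objects with different labels never share a page. NULL when the arena is full. */
void *label_alloc(int label, size_t size) {
    size = (size + 15) & ~(size_t)15;
    if (label < 0 || label >= NLABELS || used[label] + size > page_size * ARENA_PAGES)
        return NULL;
    void *p = arena[label] + used[label];
    used[label] += size;
    return p;
}

/* Label whose arena holds p, or -1 if p was not label-allocated. */
int label_of(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int l = 0; l < NLABELS; l++)
        if (a >= (uintptr_t)arena[l] && a < (uintptr_t)arena[l] + page_size * ARENA_PAGES)
            return l;
    return -1;
}
int same_page(const void *a, const void *b) {
    return (uintptr_t)a / page_size == (uintptr_t)b / page_size;
}

/* Reference monitor: a principal switch reprograms the protection bits of
 * every label arena from the policy matrix. Returns 0, or -1 on error. */
int switch_principal(int principal) {
    if (principal < 0 || principal >= NPRINCIPALS) return -1;
    for (int l = 0; l < NLABELS; l++)
        if (mprotect(arena[l], page_size * ARENA_PAGES, policy[principal][l]) != 0)
            return -1;
    return 0;
}

/* Probe a read under the current bits: 1 if it succeeds, 0 if the MMU faults
 * (SIGSEGV on Linux; macOS raises SIGBUS for some protection faults). */
static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }
int probe_read(const volatile uint8_t *p) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile int ok = 0;
    if (sigsetjmp(probe_env, 1) == 0) {
        volatile uint8_t sink = *p;   /* faults if the page is PROT_NONE */
        (void)sink;
        ok = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

int main(void) {
    if (arbiter_init() != 0) return 1;
    uint8_t *secret = label_alloc(L_PRIVATE, 32), *shared = label_alloc(L_SHARED, 32);
    switch_principal(P_UNTRUSTED);
    printf("untrusted: private=%d shared=%d\n", probe_read(secret), probe_read(shared));
    switch_principal(P_OWNER);
    printf("owner: private=%d shared=%d\n", probe_read(secret), probe_read(shared));
    return 0;
}
```

The part that matters for cost is that switch_principal() issues one mprotect() per label, not one per object: the allocator's grouping is what makes the check cheap, and a layout that mixed labels within a page would force the monitor to fall back to per-object checks. The probe uses a SIGSEGV/SIGBUS handler with siglongjmp only to report the outcome; a production monitor would treat such a fault as a policy violation to log and contain, not something to recover from silently.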

Original language: English (US)
Title of host publication: Proceedings of the 2015 USENIX Annual Technical Conference, USENIX ATC 2015
Publisher: USENIX Association
Pages: 361-373
Number of pages: 13
ISBN (Electronic): 9781931971225
State: Published - 2015
Event: 2015 USENIX Annual Technical Conference, USENIX ATC 2015 - Santa Clara, United States
Duration: Jul 8 2015 to Jul 10 2015

Publication series

Name: Proceedings of the 2015 USENIX Annual Technical Conference, USENIX ATC 2015

Conference

Conference: 2015 USENIX Annual Technical Conference, USENIX ATC 2015
Country/Territory: United States
City: Santa Clara
Period: 7/8/15 to 7/10/15

All Science Journal Classification (ASJC) codes

  • General Computer Science
