TY - GEN
T1 - Enforcing user-space privilege separation with declarative architectures
AU - Niu, Ben
AU - Tan, Gang
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
AB - Applying privilege separation in software development is an effective strategy for limiting the damage of an attack on a software system. In this approach, a software system is split into a set of communicating protection domains, each granted only the least privilege it needs. In a privilege-separated system, even if one protection domain is hijacked by an attacker, the rest of the system can continue to function. uPro is a tool that provides efficient and flexible enforcement of privilege separation. It uses software-based fault isolation to implement protection domains in user space, so that inter-domain communication is cheap. It provides a declarative language for describing an application's security architecture, which helps developers explore alternative architectures. The evaluation shows that real applications can be ported to uPro with enhanced security, acceptable performance, and declarative architectures.
UR - http://www.scopus.com/inward/record.url?scp=84869485006&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869485006&partnerID=8YFLogxK
U2 - 10.1145/2382536.2382541
DO - 10.1145/2382536.2382541
M3 - Conference contribution
AN - SCOPUS:84869485006
SN - 9781450316620
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 9
EP - 20
BT - STC'12 - Proceedings of the Workshop on Scalable Trusted Computing
T2 - 7th ACM Workshop on Scalable Trusted Computing, STC 2012
Y2 - 15 October 2012 through 15 October 2012
ER -