Fine-grained Program Partitioning for Security

Zhen Huang, Trent Jaeger, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

Complex software systems are often not designed with the principle of least privilege, which requires each component be given the minimum amount of privileges to function. As a result, software vulnerabilities in less privileged code can lead to privilege escalation, defeating security and privacy. Privilege separation is the process of automatically partitioning a software system into least privileged components, and we argue that it is effective at reducing the attack surface. However, previous privilege-separation systems do not provide fine-grained separation of privileged code and non-privileged code co-existing in the same function for C/C++ applications. We propose a fine-grained partitioning technique for supporting fine-grained separation in automatic program partitioning. The technique has been applied to a set of security-sensitive networking and interactive programs. Results show that it can automatically generate executable partitions for C applications; further, partitioned programs incur acceptable runtime overheads.

Original languageEnglish (US)
Title of host publicationEuroSec 2021 - Proceedings of the 14th European Workshop on Systems
PublisherAssociation for Computing Machinery, Inc
Pages21-26
Number of pages6
ISBN (Electronic)9781450383370
DOIs
StatePublished - Apr 26 2021
Event14th European Workshop on Systems, EuroSec 2021 - Virtual, Online, United Kingdom
Duration: Apr 26 2021 → …

Publication series

NameEuroSec 2021 - Proceedings of the 14th European Workshop on Systems

Conference

Conference14th European Workshop on Systems, EuroSec 2021
Country/TerritoryUnited Kingdom
CityVirtual, Online
Period4/26/21 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this