Integrity walls: Finding attack surfaces from mandatory access control policies

Hayawardh Vijayakumar, Guruprasad Jakka, Sandra Rueda, Joshua Schiffman, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

34 Scopus citations

Abstract

Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide necessary defenses at these entry points before the adversaries use these to compromise the program. Unfortunately, this is a race that developers often lose. While some program vulnerable entry points are well-known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so defenses at these entry points can also be developed proactively.

Original languageEnglish (US)
Title of host publicationASIACCS 2012 - 7th ACM Symposium on Information, Computer and Communications Security
Pages75-76
Number of pages2
DOIs
StatePublished - 2012
Event7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012 - Seoul, Korea, Republic of
Duration: May 2 2012May 4 2012

Publication series

NameASIACCS 2012 - 7th ACM Symposium on Information, Computer and Communications Security

Other

Other7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012
Country/TerritoryKorea, Republic of
CitySeoul
Period5/2/125/4/12

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Integrity walls: Finding attack surfaces from mandatory access control policies'. Together they form a unique fingerprint.

Cite this