TY - GEN
T1 - Process firewalls
T2 - 8th ACM European Conference on Computer Systems, EuroSys 2013
AU - Vijayakumar, Hayawardh
AU - Schiffman, Joshua
AU - Jaeger, Trent
PY - 2013
Y1 - 2013
N2 - Processes retrieve a variety of resources from the operating system in order to execute properly, but adversaries have several ways to trick processes into retrieving resources of the adversaries' choosing. Such resource access attacks use name resolution, race conditions, and/or ambiguities regarding which resources are controlled by adversaries, accounting for 5-10% of CVE entries over the last four years. Programmers have found these attacks extremely hard to eliminate because resources are managed externally to the program, but the operating system does not provide a sufficiently rich system-call API to enable programs to block such attacks. In this paper, we present the Process Firewall, a kernel mechanism that protects processes in a manner akin to a network firewall for the system-call interface. Because the Process Firewall only protects processes - rather than sandboxing them - it can examine their internal state to identify the protection rules necessary to block many of these attacks without the need for program modification or user configuration. We built a prototype Process Firewall for Linux demonstrating: (1) the prevention of several vulnerabilities, including two that were previously unknown; (2) that this defense can be provided system-wide for less than 4% overhead in a variety of macrobenchmarks; and (3) that it can also improve program performance, shown by Apache handling 3-8% more requests when program resource access checks are replaced by Process Firewall rules. These results show that it is practical for the operating system to protect processes by preventing a variety of resource access attacks system-wide.
AB - Processes retrieve a variety of resources from the operating system in order to execute properly, but adversaries have several ways to trick processes into retrieving resources of the adversaries' choosing. Such resource access attacks use name resolution, race conditions, and/or ambiguities regarding which resources are controlled by adversaries, accounting for 5-10% of CVE entries over the last four years. Programmers have found these attacks extremely hard to eliminate because resources are managed externally to the program, but the operating system does not provide a sufficiently rich system-call API to enable programs to block such attacks. In this paper, we present the Process Firewall, a kernel mechanism that protects processes in a manner akin to a network firewall for the system-call interface. Because the Process Firewall only protects processes - rather than sandboxing them - it can examine their internal state to identify the protection rules necessary to block many of these attacks without the need for program modification or user configuration. We built a prototype Process Firewall for Linux demonstrating: (1) the prevention of several vulnerabilities, including two that were previously unknown; (2) that this defense can be provided system-wide for less than 4% overhead in a variety of macrobenchmarks; and (3) that it can also improve program performance, shown by Apache handling 3-8% more requests when program resource access checks are replaced by Process Firewall rules. These results show that it is practical for the operating system to protect processes by preventing a variety of resource access attacks system-wide.
UR - http://www.scopus.com/inward/record.url?scp=84877716990&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84877716990&partnerID=8YFLogxK
U2 - 10.1145/2465351.2465358
DO - 10.1145/2465351.2465358
M3 - Conference contribution
AN - SCOPUS:84877716990
SN - 9781450319942
T3 - Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013
SP - 57
EP - 70
BT - Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013
Y2 - 15 April 2013 through 17 April 2013
ER -