
ICISS
2007
Springer

Towards Automated Privilege Separation

Applications are subject to threat from a number of attack vectors, and limiting their attack surface is vital. By using privilege separation to constrain application access to protected resources, we can mitigate the threats against the application. Previous examinations of privilege separation either entailed significant manual effort or required access to the source code. We consider a method of performing privilege separation through black-box analysis. We consider similar applications to the target and infer states of execution, and determine unique trigger system calls that cause transitions. We use these as the basis of state-based policy enforcement by leveraging the Systrace policy enforcement mechanism. Our results show that we can infer state transitions with a high degree of accuracy, while our modifications to Systrace result in more granular protection by limiting system calls depending on the application’s state. The modified Systrace increases the size of the Apac...
Dhananjay Bapat, Kevin R. B. Butler, Patrick Drew
Added 08 Jun 2010
Updated 08 Jun 2010
Type Conference
Year 2007
Where ICISS
Authors Dhananjay Bapat, Kevin R. B. Butler, Patrick Drew McDaniel