Least-privilege separation decomposes applications into compartments limited to accessing only what they need. When compartmentalizing existing software, many approaches neglect securing the new inter-compartment interfaces, although what used to be a function call from/to a trusted component is now potentially a targeted attack from a malicious compartment. This results in an entire class of security bugs: Compartment Interface Vulnerabilities (CIVs).This paper provides an in-depth study of CIVs. We taxonomize these issues and show that they affect all known compartmentalization approaches. We propose ConfFuzz, an inmemory fuzzer specialized to detect CIVs at possible compartment boundaries. We apply ConfFuzz to a set of 25 popular applications and 36 possible compartment APIs, to uncover a wide data-set of 629 vulnerabilities. We systematically study these issues, and extract numerous insights on the prevalence of CIVs, their causes, impact, and the complexity to address them. We stress the critical importance of CIVs in compartmentalization approaches, demonstrating an attack to extract isolated keys in OpenSSL and uncovering a decade-old vulnerability in sudo. We show, among others, that not all interfaces are affected in the same way, that API size is uncorrelated with CIV prevalence, and that addressing interface vulnerabilities goes beyond writing simple checks. We conclude the paper with guidelines for CIV-aware compartment interface design, and appeal for more research towards systematic CIV detection and mitigation.
Given the low cost of their components and their demonstrated reliable efficiencies, dye-sensitized techniques based on the titanium dioxide (TiO2) thin films have received much research attention in the past decade. The dSubscript textye/TiO2thin films were prepared on glass fibers substrate by a dip-coating method combined with a sol-gel process and the photocatalytic of acetone was investigated in this study. The natural botanical dye of Gardenia jasminoides with absorption reflection intensity in 410-460 nm of liquid extraction was used to improve the photo absorbability under illumination of visible light source. Degradation of acetone under 420 nm light illumination was conducted to evaluate the photocatalytic ability of the dye/TiO2thin films. The SEM images evidence that fibers existed in the dye/nano-TiO2composites. The dye/TiO2thin films catalyst prepared in the laboratory shoSubscript textwed photocatalytic performance with the degradation efficiency of 55% under 420 nm. A few percentages increase in removal efficiency when compared with the dye less TiO2thin films.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.