Clean Application Compartmentalization with SOAAP

Gudka, Khilan; Watson, Robert N. M.; Anderson, Jonathan; Chisnall, David; Davis, Brooks; Laurie, Ben; Marinos, Ilias; Neumann, Peter G.; Richardson, Alexander

doi:10.1145/2810103.2813611

Cited by 59 publications

(65 citation statements)

References 20 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unfortunately, compartmentalizing existing apps is, in general, a hard problem [65], since components might share a state, and requires app developers to adopt distributed app development to build logical apps consisting of different processes connected via message passing. Ideally, app developers should be supported in this task of compartmentalizing their apps, for instance through new tools and frameworks [26]. Android apps are not different in this regard.…”

Section: B Security Evaluation Of Kontalkmentioning

confidence: 99%

DroidCap: OS Support for Capability-based Permissions in Android

Dawoud¹,

Bugiel²

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

We present DROIDCAP, a retrofitting of Android's central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DROIDCAP, permissions are per-process Binder objectcapabilities. DROIDCAP's design removes Android's UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DROIDCAP, we show that object-capabilities as underlying access control model integrates naturally and backward-compatible into Android's stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components. At the heart of our paradigm shift for representing permissions in Android is an extension to Android's Binder IPC mechanism. Binder IPC is the primary IPC channel for communication among all apps and between system services

show abstract

Section: B Security Evaluation Of Kontalkmentioning

confidence: 99%

DroidCap: OS Support for Capability-based Permissions in Android

Dawoud¹,

Bugiel²

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…In addition to developing a high-performance compartmentalization mode, we have also explored how software static analysis can assist programmers in reasoning about decomposing software in order to accomplish mitigation objectives [4].…”

Section: Software Compartmentalizationmentioning

confidence: 99%

Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA)

Watson¹,

Neumann²,

Moore³

2018

New Solutions for Cybersecurity

View full text Add to dashboard Cite

“…Although others have presented details of TEEs [13,14,[23][24][25], tools for automatically partitioning applications [26] and tools for evaluating compartmentalisation schemes [27], to the best of our knowledge, we are the first to present a systematisation of partitioning schemes.…”

Section: Introductionmentioning

confidence: 99%

A framework for application partitioning using trusted execution environments

Atamli-Reineh

Paverd

Petracca

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system (OS). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. How should a particular application be partitioned? How many TEEs should be used? What granularity of partitioning should be applied? To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. However, as partitioning becomes increasingly common, there is a need for systematisation in the design of partitioning schemes. To address this need, we present a novel framework consisting of four overarching types of partitioning schemes through which applications can make use of TEEs. These schemes range from coarse‐grained partitioning, in which the whole application is included in a single TEE, through to ultra‐fine partitioning, in which each piece of security‐sensitive code and data is protected in an individual TEE. Although partitioning schemes themselves are application specific, we establish application‐independent relationships between the types we have defined. Because these relationships have an impact on both the security and performance of the partitioning scheme, we envisage that our framework can be used by software architects to guide the design of application partitioning schemes. To demonstrate the applicability of our framework, we have carried out case studies on two widely used software packages, the Apache Web server and the OpenSSL library. In each case study, we provide four high‐level partitioning schemes—one for each of the types in our framework. We also systematically review the related work on hardware‐enforced partitioning by categorising previous research efforts according to our framework. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Clean Application Compartmentalization with SOAAP

Cited by 59 publications

References 20 publications

DroidCap: OS Support for Capability-based Permissions in Android

DroidCap: OS Support for Capability-based Permissions in Android

Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA)

A framework for application partitioning using trusted execution environments

Contact Info

Product

Resources

About