Libsec: A Hardware Virtualization-Based Isolation for Shared Library

A typical application consists of a main program and a number of shared libraries. Because they coexist in the same address space, the main program can execute any code in those shared libraries, a property attackers exploit to mount code-reuse attacks. Since the same shared libraries are loaded by many applications, they also give attackers a well-known, reusable supply of gadgets, which further simplifies such attacks. Isolating a shared library in a separate execution environment and restricting access to it is a promising countermeasure, but existing isolation approaches either require modifying the main program or break the sharing of the library. In this paper, we present Libsec, an efficient and transparent approach to isolating shared libraries that needs the source code of neither the main program nor the libraries. Libsec uses commodity hardware virtualization extensions to isolate shared libraries from the main program, and relies on static instrumentation and dynamic processing to provide interfaces for legitimate cross-domain invocations. In this way, Libsec guarantees that the main program and the shared libraries each execute in their own execution environment, and that cross-domain invocation is allowed only through these specific interfaces, so the main program cannot jump directly into arbitrary shared-library code. We implement a prototype of Libsec on KVM and deploy it on real-world applications and libraries, such as Nginx and the OpenSSL libraries. Our security evaluation shows that Libsec prevents an attacker from using the functions or instruction sequences of a shared library for code-reuse attacks, and our performance evaluation shows that the runtime and space overhead introduced by Libsec is acceptable.
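The policy the abstract describes (two execution domains, with transfers between them permitted only through designated interfaces) can be written down as a small reference monitor. The following is an added example, not Libsec's own code and not a KVM component: it models in user space the decision a hypervisor-backed monitor would make when it observes a control transfer, using a constructed memory map, a constructed list of exported library entry points, and a shadow stack for the return path. The address ranges, entry addresses and the `check_transfer`/`monitor_reset` names are illustrative assumptions.

```c
/* Added example: user-space model of a cross-domain transfer policy for
 * a main program and an isolated shared library. Not Libsec's code; no
 * virtualization is used. All addresses and names below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t addr_t;
typedef enum { DOM_MAIN, DOM_LIB, DOM_OTHER } domain_t;
typedef enum { XFER_CALL, XFER_JMP, XFER_RET } xfer_kind_t;
typedef enum { DENY = 0, ALLOW = 1 } verdict_t;
typedef struct { addr_t lo, hi; } range_t;          /* half-open [lo, hi) */

/* Constructed memory map: main-program text and shared-library text. */
static const range_t MAIN_TEXT = { 0x400000ull,       0x410000ull };
static const range_t LIB_TEXT  = { 0x7f0000000000ull, 0x7f0000040000ull };

/* Constructed: function starts exported by the library. These are the
 * only legitimate main->lib entry points (the "specific interfaces").
 * Kept sorted so the lookup can binary-search. */
static const addr_t LIB_ENTRIES[] = {
    0x7f0000001000ull,   /* e.g. an exported read routine  */
    0x7f0000002300ull,   /* e.g. an exported write routine */
    0x7f0000003480ull,   /* e.g. an exported free routine  */
};
#define N_ENTRIES (sizeof LIB_ENTRIES / sizeof LIB_ENTRIES[0])

/* Return path: the return site recorded at entry must match on exit, so
 * a corrupted return address inside the library cannot pick an arbitrary
 * main-program target. */
#define SHADOW_DEPTH 64
static addr_t shadow[SHADOW_DEPTH];
static int shadow_top = 0;

void monitor_reset(void) { shadow_top = 0; }

static int in_range(const range_t *r, addr_t pc) {
    return pc >= r->lo && pc < r->hi;
}

domain_t domain_of(addr_t pc) {
    if (in_range(&MAIN_TEXT, pc)) return DOM_MAIN;
    if (in_range(&LIB_TEXT, pc))  return DOM_LIB;
    return DOM_OTHER;
}

/* Exact match against exported function starts: a mid-function address
 * (a ROP gadget) is not an entry point even though it lies in LIB_TEXT. */
int is_lib_entry(addr_t pc) {
    size_t lo = 0, hi = N_ENTRIES;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (LIB_ENTRIES[mid] == pc) return 1;
        if (LIB_ENTRIES[mid] < pc) lo = mid + 1; else hi = mid;
    }
    return 0;
}

/* Decide whether a transfer from `from` to `to` may proceed. `ret_site`
 * is the instruction following a CALL (ignored for JMP/RET). */
verdict_t check_transfer(addr_t from, addr_t to, xfer_kind_t kind, addr_t ret_site) {
    domain_t src = domain_of(from), dst = domain_of(to);
    if (src == DOM_OTHER || dst == DOM_OTHER) return DENY;
    if (src == dst) return ALLOW;          /* intra-domain: out of scope here */

    if (src == DOM_MAIN && dst == DOM_LIB) {
        /* Only a CALL to an exported entry enters the library. A JMP or a
         * RET into the library, or a CALL into the middle of a function,
         * is exactly what a code-reuse chain needs, and is refused. */
        if (kind != XFER_CALL || !is_lib_entry(to)) return DENY;
        if (shadow_top == SHADOW_DEPTH) return DENY;
        shadow[shadow_top++] = ret_site;
        return ALLOW;
    }
    /* src == DOM_LIB && dst == DOM_MAIN: only a RET to the recorded site. */
    if (kind != XFER_RET || shadow_top == 0) return DENY;
    if (shadow[shadow_top - 1] != to) return DENY;
    shadow_top--;
    return ALLOW;
}

int main(void) {
    monitor_reset();
    printf("call entry   : %d\n", check_transfer(0x401000, 0x7f0000002300ull, XFER_CALL, 0x401005));
    printf("ret to site  : %d\n", check_transfer(0x7f0000002350ull, 0x401005, XFER_RET, 0));
    printf("call gadget  : %d\n", check_transfer(0x401200, 0x7f0000002310ull, XFER_CALL, 0x401205));
    printf("ret into lib : %d\n", check_transfer(0x4013f0, 0x7f0000001000ull, XFER_RET, 0));
    return 0;
}
```

The model deliberately refuses library-to-main transfers other than a matching return; a real deployment also has to admit callbacks (a comparator passed to a sort routine, for instance), which would need a second gate type registered when the pointer is handed across. Intra-domain transfers are passed through, since the isolation described here restricts only cross-domain control flow.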
