BreakApp: Automated, Flexible Application Compartmentalization

Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release cycles, at some risk to safety and security. BREAKAPP exploits module boundaries to automate compartmentalization of systems and enforce security policies, enhancing reliability and security. BREAKAPP transparently spawns modules in protected compartments while preserving their original behavior. Optional high-level policies decouple security assumptions made during development from requirements imposed for module composition and use. These policies allow fine-tuning trade-offs such as security and performance based on changing threat models or load patterns. Evaluation of BREAKAPP with a prototype implementation for JavaScript demonstrates feasibility by enabling simplified security hardening of existing systems with low performance overhead.
