论文信息 - Privman: A Library for Partitioning Applications

Privman: A Library for Partitioning Applications

Writing secure, trusted software for UNIX platforms is difficult. There are a number of approaches to enabling more secure development, but it is apparent that the current set of solutions are neither achieving acceptance nor having sufficient impact. In this paper, we introduce a library to address a particularly difficult problem in secure code development: partitioning processes to isolate privileges in trusted code. Privilege separation is a technique that isolates trusted code, therefore reducing the amount of code that needs to be carefully audited. While the technique is not new, it is not widely used due to difficulties of implementation. We present Privman, a library that makes privilege separation easy. The primary benefit of the Privman library is a systematic, reusable framework and library for developing partitioned applications. We demonstrate the feasibility of the approach by applying it to two real systems, thttpd and WU-FTPD.

Douglas Kilpatrick | Doug Kilpatrick

[1] Fred P. Brooks,et al. The Mythical Man-Month , 1975, Reliable Software.

[2] Andrew Berman,et al. TRON: Process-Specific File Protection for the UNIX Operating System , 1995, USENIX.

[3] David A. Wagner,et al. A Secure Environment for Untrusted Helper Applications , 1996, USENIX Security Symposium.

[4] Calton Pu,et al. Death, taxes, and imperfect software: surviving the inevitable , 1998, NSPW '98.

[5] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[6] A. Acharya,et al. MAPbox: Using Parameterized Behavior Classes to Confine Applications , 1999 .

[7] Timothy Fraser,et al. Hardening COTS software with generic software wrappers , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[8] Calton Pu,et al. The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques , 2000 .

[9] Sotiris Ioannidis,et al. Sub-operating systems: a new approach to application security , 2002, EW 10.