Adaptive defenses for commodity software through virtual application partitioning

Dimitris Geneiatakis, Georgios Portokalidis, Vasileios P. Kemerlis, Angelos D. Keromytis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

14 Scopus citations

Abstract

Applications can be logically separated to parts that face different types of threats, or suffer dissimilar exposure to a particular threat because of external events or innate properties of the software. Based on this observation, we propose the virtual partitioning of applications that will allow the selective and targeted application of those protection mechanisms that are most needed on each partition, or manage an application's attack surface by protecting the most exposed partition. We demonstrate the value of our scheme by introducing a methodology to automatically partition software, based on the intrinsic property of user authentication. Our approach is able to automatically determine the point where users authenticate, without access to source code. At runtime, we employ a monitor that utilizes the identified authentication points, as well as events like accessing specific files, to partition execution and adapt defenses by switching between protection mechanisms of varied intensity, such as dynamic taint analysis and instruction-set randomization. We evaluate our approach using seven well-known network applications, including the MySQL database server. Our results indicate that our methodology can accurately discover authentication points. Furthermore, we show that using virtual partitioning to apply costly protection mechanisms can reduce performance overhead by up to 5x, depending on the nature of the application.

Original languageEnglish
Title of host publicationCCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages133-144
Number of pages12
DOIs
StatePublished - 2012
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States
Duration: 16 Oct 201218 Oct 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/TerritoryUnited States
CityRaleigh, NC
Period16/10/1218/10/12

Keywords

  • Adaptive defenses
  • Application partitioning
  • Authentication
  • Dynamic taint analysis
  • Information flow tracking
  • Instruction-set randomization
  • Risk management

Fingerprint

Dive into the research topics of 'Adaptive defenses for commodity software through virtual application partitioning'. Together they form a unique fingerprint.

Cite this