TY - GEN
T1 - Adaptive defenses for commodity software through virtual application partitioning
AU - Geneiatakis, Dimitris
AU - Portokalidis, Georgios
AU - Kemerlis, Vasileios P.
AU - Keromytis, Angelos D.
PY - 2012
Y1 - 2012
N2 - Applications can be logically separated into parts that face different types of threats, or suffer dissimilar exposure to a particular threat because of external events or innate properties of the software. Based on this observation, we propose the virtual partitioning of applications that will allow the selective and targeted application of those protection mechanisms that are most needed on each partition, or manage an application's attack surface by protecting the most exposed partition. We demonstrate the value of our scheme by introducing a methodology to automatically partition software, based on the intrinsic property of user authentication. Our approach is able to automatically determine the point where users authenticate, without access to source code. At runtime, we employ a monitor that utilizes the identified authentication points, as well as events like accessing specific files, to partition execution and adapt defenses by switching between protection mechanisms of varied intensity, such as dynamic taint analysis and instruction-set randomization. We evaluate our approach using seven well-known network applications, including the MySQL database server. Our results indicate that our methodology can accurately discover authentication points. Furthermore, we show that using virtual partitioning to apply costly protection mechanisms can reduce performance overhead by up to 5x, depending on the nature of the application.
KW - Adaptive defenses
KW - Application partitioning
KW - Authentication
KW - Dynamic taint analysis
KW - Information flow tracking
KW - Instruction-set randomization
KW - Risk management
UR - http://www.scopus.com/inward/record.url?scp=84869400823&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869400823&partnerID=8YFLogxK
U2 - 10.1145/2382196.2382214
DO - 10.1145/2382196.2382214
M3 - Conference contribution
AN - SCOPUS:84869400823
SN - 9781450316507
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 133
EP - 144
BT - CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
T2 - 2012 ACM Conference on Computer and Communications Security, CCS 2012
Y2 - 16 October 2012 through 18 October 2012
ER -