TWC: Small: Caging Libraries To Control Software Faults

TWC：小型：用笼子库来控制软件故障

• 批准号: 1223588
• 负责人: Justin Cappos
• 金额: $ 49.99万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223588&HistoricalAwards=false
• 关键词: TWC; Small; Caging; Libraries; Control

The vast majority of the code in most applications comes from the libraries it imports, rather than the program itself. As a result, hackers often exploit flaws in libraries like glibc or openssl that are used across multiple applications instead of attacking individual flaws in code specific to the application. This makes it easier for an attacker to compromise many applications at once with a single exploit. This work isolates the impact of flaws in a deployed program into the smallest area possible. This will dramatically increase the security of applications in the cloud, on mobile phones, and everything in between.To achieve this goal, this research develops a new abstraction that acts as a lightweight and extremely efficient intra-process isolation mechanism that builds on recent advances from operating system virtualization and memory-safe code execution (such as SFI). This abstraction, called a cage, allows different pieces of code that execute in the same process to be isolated from each other. This means that a flaw within a piece of code can only be used to exploit the code within that cage. Each cage also conceptually is its own process from an resource accounting standpoint. In addition, calls between cages are extremely lightweight and do not require a context switch or OS intervention. The cage abstraction provides an isolation mechanism that is high-performance and with very low overhead while improving application security.

大多数应用程序中的绝大多数代码都来自其导入的库，而不是程序本身。结果，黑客经常利用诸如Glibc或OpenSL之类的库中的缺陷，这些缺陷在多个应用程序中使用，而不是在应用程序特定的代码中攻击单个缺陷。这使攻击者更容易通过单个利用来一次妥协许多应用程序。这项工作将漏洞在部署程序中的影响隔离了最小的区域。 这将大大提高云中的应用程序的安全性，在手机上以及两者之间的所有内容。为了实现这一目标，这项研究开发了一种新的抽象，它是一种轻巧且极其有效的内部过程内隔离机制，基于操作系统虚拟化和记忆安全代码执行（例如SFI）的最新进展。这个称为笼子的抽象允许在同一过程中执行的不同代码彼此隔离。这意味着只能使用一块代码中的缺陷来利用该笼子内的代码。从概念上讲，每个笼子也是其自身的过程，从资源会计的角度来看。此外，笼子之间的呼叫非常轻巧，不需要上下文开关或操作系统干预。 笼子抽象提供了一种隔离机制，该机制是高性能，开销非常低，同时提高了应用程序安全性。