University of Cambridge > Talks.cam > Microsoft Research Cambridge, public talks > Protecting Programs During Resource Retrieval

Protecting Programs During Resource Retrieval

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.

This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending

Programs must retrieve many system resources to execute properly, but there are several classes of vulnerabilities that may befall programs during resource retrieval. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: adversaries may control the inputs used to build names, name spaces used to find the target resources, and the target resources themselves to trick victim programs to retrieve resources of the adversaries’ choosing. In this talk, I will present a system mechanism, called the Process Firewall, that protects programs from vulnerabilities during resource retrieval by introspecting into running programs to enforce context-specific rules. Our key insight is that using introspection to prevent such vulnerabilities is safe because we only aim to protect processes, relying on access control to confine malicious processes. I will show that the Process Firewall can prevent many types of vulnerabilities during resource retrieval, including those involving race conditions. I will also show how to perform such introspection and enforcement efficiently, incurring much lower overhead than equivalent program defenses. Finally, I will describe a conceptual model that describes the conditions for safe resource retrieval, and outline how to produce enforceable rules from that model. By following this model, we find that the Process Firewall mechanism can prevent many vulnerabilities during resource retrieval without causing false positives.

This talk is part of the Microsoft Research Cambridge, public talks series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2019 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity