Free Willy: Prune System Calls to Enhance Software Security

Charlie Groh, Sergej Proskurin, Apostolis Zarras

Applied Computing Review (journal article), published 2023-03-27. DOI: 10.1145/3555776.3577593, https://doi.org/10.1145/3555776.3577593. Journal impact factor 0.4, JCR Q4 (Computer Science, Information Systems).
Citation count: 0

Abstract

Many privilege escalation exploits on Linux abuse vulnerable system calls to threaten the system's security. As a result, various seccomp policy generation frameworks based on static and dynamic analysis have emerged. Yet they either focus on a subset of the available binaries or are constrained by the inherent properties of dynamic, testing-based analysis, which is prone to false negatives. In this paper, we present Jesse, a static-analysis-based framework for generating seccomp policies for ELF binaries. We design and implement an abstract-interpretation-based constant propagation that helps the analyst identify the vital system calls of arbitrary, non-obfuscated binaries. Using the extracted results, Jesse can produce effective seccomp policies that reduce the system's attack surface. To assess Jesse's effectiveness and accuracy, we applied our system to over 1,000 ELF binaries from Debian 10 and show that, contrary to existing solutions, Jesse produces accurate and safely approximated results without relying on any properties of the target binaries. In addition, we conduct a case study in which we combine Jesse's constant propagation strategy with container debloating techniques to produce seccomp policies that, on average, restrict up to five times more system calls than Docker's default seccomp policy.
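As an added illustration of the idea the abstract describes (not the paper's code and not Jesse itself): a toy abstract-interpretation-based constant propagation over a constructed, simplified x86-64-like instruction sequence that tracks the candidate numbers reaching each `syscall` instruction, joins them across a branch, widens to an unknown value when the number comes from memory, and turns the resolved set into a Docker-style seccomp allowlist. The instruction format, register model and sample program are assumptions of this example; the call numbers are the real x86-64 ones.

```python
# Added example, not the paper's code: a toy abstract-interpretation constant
# propagation that resolves the system-call number reaching each `syscall`
# and emits a Docker-style seccomp allowlist. The IR is a constructed toy.
TOP, MAX_VALUES = None, 16   # TOP: any value possible; widen sets beyond 16 constants
def join(a, b):              # lattice join: union of candidate sets, or TOP
    if a is TOP or b is TOP:
        return TOP
    return a | b if len(a | b) <= MAX_VALUES else TOP
def transfer(env, ins):      # abstract effect of one instruction on the registers
    env, op = dict(env), ins[0]
    if op == "mov":          # immediate or register copy
        env[ins[1]] = frozenset([ins[2]]) if isinstance(ins[2], int) else env.get(ins[2], TOP)
    elif op == "xor":        # xor r,r is the idiomatic zeroing; other forms are not tracked
        env[ins[1]] = frozenset([0]) if ins[1] == ins[2] else TOP
    elif op == "load":       # memory is not modelled, so a loaded value is unknown
        env[ins[1]] = TOP
    elif op == "syscall":    # the kernel returns in rax and clobbers rcx/r11
        env.update(rax=TOP, rcx=TOP, r11=TOP)
    return env
def merge(e1, e2):           # join two register environments register by register
    return {r: join(e1.get(r, TOP), e2.get(r, TOP)) for r in set(e1) | set(e2)}
def analyse(program):        # worklist fixpoint; returns {syscall_index: rax candidates}
    states, work = {0: {}}, [0]
    while work:
        i = work.pop()
        out = transfer(states[i], program[i])
        succ = [i + 1] if i + 1 < len(program) else []
        if program[i][0] == "branch":   # conditional jump: both paths are feasible
            succ.append(program[i][1])
        for s in succ:
            new = merge(states[s], out) if s in states else out
            if states.get(s) != new:
                states[s] = new
                work.append(s)
    return {i: states[i].get("rax", TOP) for i, ins in enumerate(program) if ins[0] == "syscall"}
SYSCALL_NAMES = {0: "read", 1: "write", 3: "close", 60: "exit", 231: "exit_group"}  # x86-64 subset
def seccomp_policy(program): # allow only resolved calls; report sites left unknown
    sites = analyse(program)
    unresolved = sorted(i for i, v in sites.items() if v is TOP)
    numbers = set().union(*(v for v in sites.values() if v is not TOP))
    names = sorted(SYSCALL_NAMES.get(n, "nr_%d" % n) for n in numbers)
    return ({"defaultAction": "SCMP_ACT_ERRNO",
             "syscalls": [{"names": names, "action": "SCMP_ACT_ALLOW"}]}, unresolved)
PROGRAM = [  # constructed sample using x86-64 call numbers
    ("mov", "rax", 1), ("syscall",),                                         # 0-1: write
    ("xor", "rax", "rax"), ("branch", 5), ("mov", "rax", 3), ("syscall",),   # 2-5: rax in {0, 3}
    ("mov", "rbx", 231), ("mov", "rax", "rbx"), ("syscall",),                # 6-8: constant via rbx
    ("load", "rax"), ("syscall",),                                           # 9-10: unknown number
]
```

An unresolved site is the case a policy generator must approximate safely: the example reports it rather than silently allowing everything, so the analyst can decide how to widen the policy.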