T. Rauter, Andrea Höller, N. Kajtazovic, Christian Kreiner
{"title":"用二进制分析实现应用程序限制策略的自动生成","authors":"T. Rauter, Andrea Höller, N. Kajtazovic, Christian Kreiner","doi":"10.1109/ISNCC.2015.7238568","DOIUrl":null,"url":null,"abstract":"Application-based access control technologies are used to protect systems from malicious or compromised software. Existing rule-based access control systems rely on a comprehensive policy, which defines the resources an application is allowed to access. The generation of these policies is a hard and error-prone task for system engineers. In this work, we provide a framework to automate this task and a proof-of-concept implementation that uses binary analysis to generate a model of the resource requirements of an application. We use a new approach to refine the policy by connecting different accesses to the same resource via their least common ancestor (LCA) in the call graph. Moreover, we tested the proposed methods with a commonly used web-server and they show a high potential to significantly simplify the policy generation process.","PeriodicalId":430315,"journal":{"name":"2015 International Symposium on Networks, Computers and Communications (ISNCC)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Towards an automated generation of application confinement policies with binary analysis\",\"authors\":\"T. Rauter, Andrea Höller, N. Kajtazovic, Christian Kreiner\",\"doi\":\"10.1109/ISNCC.2015.7238568\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Application-based access control technologies are used to protect systems from malicious or compromised software. Existing rule-based access control systems rely on a comprehensive policy, which defines the resources an application is allowed to access. The generation of these policies is a hard and error-prone task for system engineers. In this work, we provide a framework to automate this task and a proof-of-concept implementation that uses binary analysis to generate a model of the resource requirements of an application. We use a new approach to refine the policy by connecting different accesses to the same resource via their least common ancestor (LCA) in the call graph. Moreover, we tested the proposed methods with a commonly used web-server and they show a high potential to significantly simplify the policy generation process.\",\"PeriodicalId\":430315,\"journal\":{\"name\":\"2015 International Symposium on Networks, Computers and Communications (ISNCC)\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-05-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Symposium on Networks, Computers and Communications (ISNCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISNCC.2015.7238568\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Symposium on Networks, Computers and Communications (ISNCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISNCC.2015.7238568","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards an automated generation of application confinement policies with binary analysis
Application-based access control technologies are used to protect systems from malicious or compromised software. Existing rule-based access control systems rely on a comprehensive policy, which defines the resources an application is allowed to access. The generation of these policies is a hard and error-prone task for system engineers. In this work, we provide a framework to automate this task and a proof-of-concept implementation that uses binary analysis to generate a model of the resource requirements of an application. We use a new approach to refine the policy by connecting different accesses to the same resource via their least common ancestor (LCA) in the call graph. Moreover, we tested the proposed methods with a commonly used web-server and they show a high potential to significantly simplify the policy generation process.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
