Clean application compartmentalization with SOAAP (extended version)

Khilan Gudka, Robert N.M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, Alex Richardson

August 2015, 35 pages

Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”), FA8750-11-C-0249 (“MRC2”) and FA8650-15-C-7758 (CADETS) as part of the DARPA CRASH, MRC and CADETS research programs. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. Additional support was received from the Google SOAAP Focused Research Award, the Isaac Newton Trust, the EPSRC REMS Programme Grant (EP/K008528/1), the NSERC Discovery Grant (RGPIN/06048-2015), and Thales E-Security.

Abstract

Application compartmentalization, a vulnerability mitigation technique employed in programs such as OpenSSH and the Chrome web browser, decomposes software into sandboxed components to limit privileges leaked or otherwise available to attackers. However, compartmentalizing applications – and maintaining that compartmentalization – is hindered by ad hoc methodologies and significantly increased programming effort. In practice, programmers stumble through (rather than overtly reason about) compartmentalization spaces of possible decompositions, unknowingly trading off correctness, security, complexity, and performance.

We present a new conceptual framework embodied in an LLVM-based tool: the Security-Oriented Analysis of Application Programs (SOAAP) that allows programmers to reason about compartmentalization using source-code annotations (compartmentalization hypotheses). We demonstrate considerable benefit when creating new compartmentalizations for complex applications, and analyze existing compartmentalized applications to discover design faults and maintenance issues arising from application evolution.

This technical report is an extended version of the similarly named conference paper presented at the 2015 ACM Conference on Computer and Communications Security (CCS).

Full text

PDF (2.1 MB)

BibTeX record

@TechReport{UCAM-CL-TR-873,
  author      = {Gudka, Khilan and Watson, Robert N.M. and Anderson, Jonathan and
                 Chisnall, David and Davis, Brooks and Laurie, Ben and Marinos, Ilias and
                 Neumann, Peter G. and Richardson, Alex},
  title       = {{Clean application compartmentalization with SOAAP (extended version)}},
  year        = 2015,
  month       = aug,
  url         = {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-873.pdf},
  institution = {University of Cambridge, Computer Laboratory},
  number      = {UCAM-CL-TR-873}
}