Max-Planck-Institut für Informatik

What and Who
Title: Techniques to enforce security policies on untrusted applications
Speaker: Anjo Vahldiek-Oberwagner
Coming from: Max Planck Institute for Software Systems
Event Type: SWS Student Defense Talks - Thesis Proposal
Level: Public Audience
Date, Time and Location
Date: Monday, 7 August 2017
Duration: 60 Minutes
Building: E1 5
As our dependence on ever-present computer systems increases, so does the potential harm when software or hardware deviates from what users expect: users lose data, or find that their data has been illicitly leaked. Existing reference monitors, which are meant to prevent such inadvertent behavior, fail to (1) protect the confidentiality and integrity of persistent data, and (2) efficiently and robustly mediate untrusted applications.

In this proposal we present two reference monitors targeting these shortcomings. We demonstrate the design, implementation, and evaluation of Guardat and ERIM.

The policies protecting persistent data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfiguration. In Guardat users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. We show experimentally that Guardat overhead is low.

While Guardat enforces policies at the storage layer, it cannot enforce policies over the in-memory state of untrusted applications. In contrast to existing techniques, ERIM efficiently mediates an application's execution by isolating a reference monitor within the same address space. By combining Intel Memory Protection Keys with static binary rewriting, ERIM isolates the monitor's state from strong, malicious adversaries. We propose binary rewriting rules to harden existing executable files and detail use cases in which prior art relied on less robust protection at similar performance.

Video Broadcast
Video Broadcast: Yes
To Location: Kaiserslautern
To Building: G26
To Room: 113

Maria-Louise Albrecht/MPI-KLSB, 08/09/2017 05:06 PM
Last modified: Maria-Louise Albrecht/MPI-KLSB, 08/09/2017 05:09 PM