The vast majority of the code in most applications comes from the libraries they import, rather than from the program itself. As a result, attackers often exploit flaws in libraries such as glibc or OpenSSL that are shared across many applications instead of attacking flaws in code specific to one application, because a single library exploit can compromise many applications at once. This work confines the impact of a flaw in a deployed program to the smallest area possible, which will dramatically increase the security of applications in the cloud, on mobile phones, and everything in between.
To achieve this goal, this research develops a new abstraction that acts as a lightweight and extremely efficient intra-process isolation mechanism, building on recent advances in operating system virtualization and memory-safe code execution (such as software fault isolation, SFI). This abstraction, called a cage, allows different pieces of code that execute in the same process to be isolated from each other: a flaw within a piece of code can only be used to exploit the code within that cage. Each cage is also, conceptually, its own process from a resource accounting standpoint. In addition, calls between cages are extremely lightweight and require neither a context switch nor OS intervention. The cage abstraction therefore provides an isolation mechanism with high performance and very low overhead while improving application security.
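The following is a constructed toy model of the cage idea described above, added here as an illustration; it is not code from the research project, and the names (`cage_t`, `cage_store`, `cage_call`, `CAGE_BITS`) are assumptions of this example. One process owns a single arena split into fixed power-of-two windows, one per cage. Every memory access a cage performs is masked into its own window in the SFI style, so an out-of-bounds index caused by a bug in cage 0 lands inside cage 0 rather than in cage 1. Cross-cage calls go through a gate that passes values, not pointers, and is an ordinary in-process function call with no kernel involvement; each cage keeps its own counters to show per-cage resource accounting.

```c
/*
 * Toy model of the cage abstraction (constructed example, not Lind/NaCl code).
 * One process, one arena; each cage owns a fixed power-of-two window of it.
 * Every store or load a cage performs is masked into its own window (SFI),
 * so an out-of-bounds index from a bug in cage A can only corrupt cage A.
 * Calls between cages go through a gate; the gate is a plain function call
 * in the same process, not an OS context switch.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAGE_BITS 12                 /* each cage owns a 4 KiB window (assumed size) */
#define CAGE_SIZE (1u << CAGE_BITS)
#define NUM_CAGES 2

static uint8_t arena[NUM_CAGES * CAGE_SIZE];

typedef struct cage {
    unsigned id;
    uint8_t *base;            /* start of this cage's window in the arena */
    size_t stores;            /* per-cage resource accounting: stores performed */
    size_t calls_in;          /* cross-cage calls this cage has served */
} cage_t;

static cage_t cages[NUM_CAGES];

void cages_init(void) {
    memset(arena, 0, sizeof arena);
    for (unsigned i = 0; i < NUM_CAGES; i++) {
        cages[i].id = i;
        cages[i].base = arena + (size_t)i * CAGE_SIZE;
        cages[i].stores = 0;
        cages[i].calls_in = 0;
    }
}

/* SFI-style masked store: whatever offset the cage's code computed, only the
 * low CAGE_BITS bits reach memory, so the write cannot leave the window. */
void cage_store(cage_t *c, uint32_t off, uint8_t v) {
    c->base[off & (CAGE_SIZE - 1)] = v;
    c->stores++;
}

uint8_t cage_load(const cage_t *c, uint32_t off) {
    return c->base[off & (CAGE_SIZE - 1)];
}

/* An exported entry point: receives the callee cage and a value, never a pointer. */
typedef uint32_t (*cage_export)(cage_t *self, uint32_t arg);

/* Gate: the only path from one cage into another. Arguments are copied by
 * value, the callee runs against its own window, and the result is copied
 * back. No kernel involvement: a checked indirect call in the same process. */
int cage_call(unsigned callee_id, cage_export fn, uint32_t arg, uint32_t *result) {
    if (callee_id >= NUM_CAGES || fn == NULL)
        return -1;
    cage_t *callee = &cages[callee_id];
    callee->calls_in++;
    *result = fn(callee, arg);
    return 0;
}

/* Example export of cage 1: sum the first n bytes of its own window. */
uint32_t cage1_checksum(cage_t *self, uint32_t n) {
    uint32_t sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += cage_load(self, i);
    return sum;
}

/* Scenario: a buggy index in cage 0 that, without masking, would land 5 bytes
 * into cage 1's window. Returns 1 if the fault stayed inside cage 0, else 0. */
int overflow_is_contained(void) {
    cages_init();
    cage_store(&cages[1], 5, 0x11);              /* cage 1's own data */
    uint32_t bad_index = CAGE_SIZE + 5;          /* out of bounds for cage 0 */
    cage_store(&cages[0], bad_index, 0xAA);      /* masked: lands at offset 5 of cage 0 */
    int cage1_intact = cages[1].base[5] == 0x11;
    int cage0_hit    = cages[0].base[5] == 0xAA;
    return cage1_intact && cage0_hit;
}

/* Scenario: cage 0 asks cage 1 for a checksum of two bytes through the gate. */
uint32_t crosscall_checksum(void) {
    cages_init();
    cage_store(&cages[1], 0, 3);
    cage_store(&cages[1], 1, 4);
    uint32_t out = 0;
    if (cage_call(1, cage1_checksum, 2, &out) != 0)
        return 0xFFFFFFFFu;
    return out;   /* 7; cage 1 has served one call, cage 0 none */
}

int main(void) {
    printf("overflow contained: %d\n", overflow_is_contained());
    printf("cross-cage checksum: %u\n", crosscall_checksum());
    return 0;
}
```

The masking in `cage_store` and `cage_load` is the whole containment argument: no matter what offset a compromised cage computes, the bits that select the window are fixed, so memory belonging to another cage in the same process is never reachable. A real system would enforce the same property on the compiled code paths (every load, store and indirect branch) rather than on a helper function the cage could bypass.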