Temporal System Call Specialization for Attack Surface Reduction

Ghavamnia, Seyedhamed

View/Open

ghavamnia.mp4 (95.50Mb)

ghavamnia_videostream.html (1.323Kb)

transcript.txt (31.00Kb)

thumbnail.jpg (56.19Kb)

Date

2020-10-16

Author

Ghavamnia, Seyedhamed

Metadata

Show full item record

Abstract

Attack surface reduction through the removal of unnecessary application features and code is a promising technique for improving security without incurring any additional overhead. Recent software debloating techniques consider an application’s entire lifetime when extracting its code requirements, and reduce the attack surface accordingly. In this talk, we present temporal specialization, a novel approach for limiting the set of system calls available to a process depending on its phase of execution. Our approach is tailored to server applications, which exhibit distinct initialization and serving phases with different system call requirements. We present novel static analysis techniques for improving the precision of extracting the application’s call graph for each execution phase, which is then used to pinpoint the system calls used in each phase. We show that requirements change throughout the lifetime of servers, and many dangerous system calls (such as execve) can be disabled after the completion of the initialization phase.

URI

http://hdl.handle.net/1853/63798

Collections

Institute for Information Security & Privacy Cybersecurity Lecture Series [117]