Towards Fine-grained, Automated Application Compartmentalization
Autor: | Ben Karel, Nathan Dautenhahn, André DeHon, Nick Roessler, Nikos Vasilakis, Jonathan M. Smith |
---|---|
Rok vydání: | 2017 |
Předmět: |
021110 strategic
defence & security studies Computer science Distributed computing 0211 other engineering and technologies Compartmentalization (information security) 0102 computer and information sciences 02 engineering and technology JavaScript 01 natural sciences Sketch Range (mathematics) 010201 computation theory & mathematics Code (cryptography) computer computer.programming_language |
Zdroj: | PLOS@SOSP |
Popis: | The rise of language-specific, third-party packages simplifies application development. However, relying on untrusted code poses a threat to security and reliability.In this work, we propose exploiting module boundaries --and the general trend towards more and smaller modules --to achieve fine-grained compartmentalization. Automated transformations can hide compartment boundaries and minimize developer effort. Optional policy expressions can decouple security assumptions at development time from requirements during composition and runtime. Using JavaScript's flourishing ecosystem, we discuss a wide range of risks and sketch how the use of language-level solutions coupled systemic mechanisms can protect against them. |
Databáze: | OpenAIRE |
Externí odkaz: |