BreakApp: Automated, Flexible Application Compartmentalization

Vasilakis, Nikos; Karel, Ben; Roessler, Nick; Dautenhahn, Nathan; DeHon, André; Smith, Jonathan M.

doi:10.14722/ndss.2018.23131

Cited by 36 publications

(32 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security-oriented compartmentalization [8,11,44] decomposes software into multiple isolated components with the goal of improving its security properties-and often at the boundaries of (third-party) modules [47,59,84,86]. However, it does not leverage runtime profiling, and is usually static, targeting privilege reduction rather than performance increase.…”

Section: Related Workmentioning

confidence: 99%

“…Light-touch distribution occupies a known middle-ground [10,54,86] between flexibility and automation ( §9), and is enabled today by a confluence of trends in software developmentnamely, the increasingly pervasive use of (i) dynamic, interpreted languages, (ii) fine-grained modules with clear boundaries, and (iii) cooperatively concurrent, continuationpassing programming styles (CPS). Examples of such environments include JavaScript, Julia, and Lua; our Ignis prototype targets server-side JavaScript ( §7).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Ignis: scaling distribution-oblivious systems with light-touch distribution

Vasilakis

Karel

Palkhiwala

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

Distributed systems offer notable benefits over their centralized counterparts. Reaping these benefits, however, requires burdensome developer effort to identify and rewrite bottlenecked components. Light-touch distribution is a new approach that converts a legacy system into a distributed one using automated transformations. Transformations operate at the boundaries of bottlenecked modules and are parametrizable by light distribution recipes that guide the intended semantics of the resulting distribution. Transformations and recipes operate at runtime, adapting to load by scaling out only saturated components. Our Ignis prototype shows substantial speedups, attractive elasticity characteristics, and memory gains over full replication, achieved by small and backward-compatible code changes. CCS Concepts • Computer systems organization → Distributed architectures; Cloud computing; • Software and its engineering → Extra-functional properties; Software as a service orchestration system.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Ignis: scaling distribution-oblivious systems with light-touch distribution

Vasilakis

Karel

Palkhiwala

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

show abstract

“…Further transformations (not detailed) aim to detect module accesses to their surrounding environment-including accesses to global variables, top-level objects, etc.-and capture a module's full observable behavior. One way to achieve this is by shadowing and transforming free variables in the module environment during the module-loading process [79,81].…”

Section: Breaking Down Into Modulesmentioning

confidence: 99%

“…To infer large-scale applications, we propose to exploit the modularity of modern software to enable effective (and scalable) inference. This direction leverages the trend of increasingly popular third-party library usage [6,16,52,79,81,89]. Applications with less modular designs will likely present a cost-of-inference challenge and the need for refining the observation and inference models used.…”

Section: Challenges and Threats To Validitymentioning

confidence: 99%

Active learning for software engineering

Cambronero

Dang

Vasilakis

et al. 2019

Proceedings of the 2019 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Sof

Self Cite

View full text Add to dashboard Cite

Software applications have grown increasingly complex to deliver the features desired by users. Software modularity has been used as a way to mitigate the costs of developing such complex software. Active learning-based program inference provides an elegant framework that exploits this modularity to tackle development correctness, performance and cost in large applications. Inferred programs can be used for many purposes, including generation of secure code, code re-use through automatic encapsulation, adaptation to new platforms or languages, and optimization. We show through detailed examples how our approach can infer three modules in a representative application. Finally, we outline the broader paradigm and open research questions. CCS Concepts • Software and its engineering → Software development techniques.

show abstract

“…We need not be very precise, here, about the details of the source language; we just assume that it is equipped with some compartmentalization facility [33,78] that allows programmers to break up security-critical applications into mutually distrustful components that have clearly specified privileges and can only interact via well-defined interfaces. In fact we assume that the interface of each component gives a precise description of its privilege.…”

Section: Rscc By Examplementioning

confidence: 99%

When Good Components Go Bad

Abate

Amorim

Blanco

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior-for example, by accessing an array out of bounds. Our criterion is the first to model dynamic compromise in a system of mutually distrustful components with clearly specified privileges. It articulates how each component should be protected from all the others-in particular, from components that have encountered undefined behavior and become compromised. Each component receives secure compilation guarantees-in particular, its internal invariants are protected from compromised componentsup to the point when this component itself becomes compromised, after which we assume an attacker can take complete control and use this component's privileges to attack other components. More precisely, a secure compilation chain must ensure that a dynamically compromised component cannot break the safety properties of the system at the target level any more than an arbitrary attackercontrolled component (with the same interface and privileges, but without undefined behaviors) already could at the source level. To illustrate the model, we construct a secure compilation chain for a small unsafe language with buffers, procedures, and components, targeting a simple abstract machine with built-in compartmentalization. We give a careful proof (mostly machine-checked in Coq) that this compiler satisfies our secure compilation criterion. Finally, we show that the protection guarantees offered by the compartmentalized abstract machine can be achieved at the machine-code level using either software fault isolation or a tagbased reference monitor.

show abstract

BreakApp: Automated, Flexible Application Compartmentalization

Cited by 36 publications

References 28 publications

Ignis: scaling distribution-oblivious systems with light-touch distribution

Ignis: scaling distribution-oblivious systems with light-touch distribution

Active learning for software engineering

When Good Components Go Bad

Contact Info

Product

Resources

About