μsCOPE: A methodology for analyzing least-privilege compartmentalization in large software artifacts

Nick Roessler, Lucas Atayde, Imani Palmer, Derrick McKee, Jai Pandey, Vasileios P. Kemerlis, Mathias Payer, Adam Bates, Jonathan M. Smith, Andre Dehon, Nathan Dautenhahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

By prioritizing simplicity and portability, least-privilege engineering has been an afterthought in OS design, resulting in monolithic kernels where any exploit leads to total compromise. μSCOPE ("microscope") addresses this problem by automatically identifying opportunities for least-privilege separation. μSCOPE replaces expert-driven, semi-automated analysis with a general methodology for exploring a continuum of security vs. performance design points by adopting a quantitative and systematic approach to privilege analysis. We apply the μSCOPE methodology to the Linux kernel by (1) instrumenting the entire kernel to gain comprehensive, fine-grained memory access and call activity; (2) mapping these accesses to semantic information; and (3) conducting separability analysis on the kernel using both quantitative privilege and overhead metrics. We discover opportunities for orders of magnitude privilege reduction while predicting relatively low overheads - at 15% mediation overhead, overprivilege in Linux can be reduced up to 99.8% - suggesting fine-grained privilege separation is feasible and laying the groundwork for accelerating real privilege separation.

Original language: English (US)
Title of host publication: Proceedings of 2021 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021
Publisher: Association for Computing Machinery
Pages: 296-311
Number of pages: 16
ISBN (Electronic): 9781450390583
DOIs
State: Published - Oct 6 2021
Externally published: Yes
Event: 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021 - Virtual, Online, Spain
Duration: Oct 6 2021 to Oct 8 2021

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021
Country/Territory: Spain
City: Virtual, Online
Period: 10/6/21 to 10/8/21

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
