Title :
Exploring Compartmentalisation Hypotheses with SOAAP
Author :
Gudka, K. ; Watson, R.N.M. ; Hand, Steve ; Laurie, Ben ; Madhavapeddy, A.
Author_Institution :
Univ. of Cambridge, Cambridge, UK
Abstract :
Application compartmentalisation decomposes software into sandboxed components in order to mitigate security vulnerabilities, and has proven effective in limiting the impact of compromise. However, experience has shown that adapting existing C-language software is difficult, often leading to problems with correctness, performance, complexity, and most critically, security. Security-Oriented Analysis of Application Programs (SOAAP) is an in-progress research project into new semi-automated techniques to support compartmentalisation. SOAAP employs a variety of static and dynamic approaches, driven by source code annotations termed compartmentalisation hypotheses, to help programmers evaluate strategies for compartmentalising existing software.
Keywords :
application program interfaces; security of data; software engineering; C-language software; SOAAP; compartmentalisation hypothesis; security vulnerability; security-oriented analysis of application program; software complexity; software correctness; software decomposition; software performance; software security; source code annotation; Privilege separation; capability system; compartmentalisation; object capabilities; program analysis; sandbox;
Conference_Title :
Self-Adaptive and Self-Organizing Systems Workshops (SASOW), 2012 IEEE Sixth International Conference on
Conference_Location :
Lyon
Print_ISBN :
978-1-4673-5153-9
DOI :
10.1109/SASOW.2012.14