DocumentCode :
2589630
Title :
Component-Oriented Monitoring of Binaries for Security
Author :
Rajkumar, Raghavendra ; Wang, Andrew ; Hiser, Jason D. ; Nguyen-Tuong, Anh ; Davidson, Jack W. ; Knight, John C.
Author_Institution :
Dept. of Comput. Sci., Univ. of Virginia, Charlottesville, VA, USA
fYear :
2011
fDate :
4-7 Jan. 2011
Firstpage :
1
Lastpage :
10
Abstract :
Security monitoring systems operate typically at the process level. Various authors have indicated that monitoring at a finer level of granularity than the process is highly desirable. In this paper, we introduce COMB, a framework for imposing policies to confine the behavior of applications. Unlike previous approaches, our technique is applied per component (functions, libraries, and/or plugins) while requiring only the availability of the binary executable form of the program. To demonstrate the feasibility of COMB, we report a case study on a real-world, representative program, the Firefox web browser. Two characteristics of Firefox permit possibly untrusted code to be executed. First, it provides an extensible architecture to allow third-party developers to extend its functionality, and second it makes use of more than 150 external libraries. Using a simple system-call monitoring policy applied to Firefox plugins, we show that COMB can provide protection with reasonable overhead.
Keywords :
authorisation; computerised monitoring; online front-ends; supervisory programs; COMB; Firefox Web browser; binary executable form; component-oriented monitoring of binaries; security monitoring; system-call monitoring policy; Browsers; Context; Fires; Libraries; Monitoring; Prototypes; Software;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location :
Kauai, HI
ISSN :
1530-1605
Print_ISBN :
978-1-4244-9618-1
Type :
conf
DOI :
10.1109/HICSS.2011.122
Filename :
5718509