ABSTRACT
When computer systems are compromised by an attack, it is difficult to determine the precise extent of the damage because the state changes made by the attacker and those made by legitimate users can be closely intertwined. This problem arises from implicit sharing in operating systems, and it is especially severe for persistent state. In particular, the file system provides a single namespace that, once compromised, can have cascading effects on the entire system, making intrusion analysis and recovery a time-consuming and error-prone process. In this paper, we present Solitude, an application-level isolation and recovery system designed both to limit the effects of attacks and to simplify post-intrusion recovery. Solitude uses a copy-on-write file system to provide a transparent, restricted-privilege isolation environment for running untrusted applications, and it uses an explicit file-sharing mechanism across isolation environments that limits attack propagation without compromising functionality. Solitude provides two modes of recovery. If a sandboxed application proves to be untrustworthy, a coarse-grained recovery method removes the software's entire footprint in one step. If, however, a user mistakenly moves malicious files into the trusted environment via explicit file sharing, Solitude uses data-dependency tracking to allow fine-grained recovery.
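The following Python sketch is an added illustration of the three mechanisms the abstract names (a copy-on-write isolation environment, explicit sharing into the trusted environment, and the coarse- and fine-grained recovery modes); it is not code from the Solitude paper or its implementation. The class names, the file paths, the constructed scenario, and the dependency rule it applies (a process that has read a file tainted by a sandbox taints everything it writes afterwards) are assumptions of this sketch, not a description of how Solitude tracks dependencies.

```python
"""Toy model of copy-on-write isolation, explicit sharing and recovery.
Illustrative sketch only: not Solitude's code; names, paths and the
taint-propagation rule are assumptions of the sketch."""
from dataclasses import dataclass, field


@dataclass
class CowSandbox:
    """Isolation environment: reads fall through to the trusted base,
    writes and deletes land in a private overlay (copy-on-write)."""
    name: str
    base: dict                                   # trusted files, read-only here
    overlay: dict = field(default_factory=dict)  # path -> data written inside
    whiteouts: set = field(default_factory=set)  # paths deleted inside

    def read(self, path):
        if path in self.overlay:
            return self.overlay[path]
        if path in self.whiteouts or path not in self.base:
            raise FileNotFoundError(path)
        return self.base[path]

    def write(self, path, data):
        self.overlay[path] = data
        self.whiteouts.discard(path)

    def unlink(self, path):
        self.overlay.pop(path, None)
        self.whiteouts.add(path)

    def footprint(self):
        """Everything the sandboxed application changed."""
        return set(self.overlay) | self.whiteouts

    def discard(self):
        """Coarse-grained recovery: drop the overlay; the base is untouched."""
        self.overlay.clear()
        self.whiteouts.clear()


class TrustedFS:
    """Trusted environment tracking which files depend on sandbox data."""
    def __init__(self, files):
        self.files = dict(files)
        self.origin = {}  # path -> set of sandbox names its data depends on
        self.undo = {}    # path -> content before first tainted write (None = created)

    def share_in(self, sandbox, path):
        """Explicit sharing: the user copies a sandbox file into the trusted
        environment; the copy is tagged with the sandbox it came from."""
        self.tainted_write(path, sandbox.read(path), {sandbox.name})

    def tainted_write(self, path, data, origins):
        if origins and path not in self.undo:
            self.undo[path] = self.files.get(path)  # snapshot before taint arrives
        self.files[path] = data
        if origins:
            self.origin.setdefault(path, set()).update(origins)

    def recover(self, sandbox_name):
        """Fine-grained recovery: roll back every file that depends on the
        named sandbox. Conservative: a file goes back to its last clean
        content even if clean processes modified it later."""
        removed, restored = [], []
        for path in [p for p, o in self.origin.items() if sandbox_name in o]:
            before = self.undo.pop(path)
            if before is None:
                self.files.pop(path, None)
                removed.append(path)
            else:
                self.files[path] = before
                restored.append(path)
            del self.origin[path]
        return sorted(removed), sorted(restored)


class TrustedProcess:
    """Assumed rule: once a process has read a tainted file, every file it
    writes afterwards inherits the same origins."""
    def __init__(self, fs):
        self.fs = fs
        self.taint = set()

    def read(self, path):
        self.taint |= self.fs.origin.get(path, set())
        return self.fs.files[path]

    def write(self, path, data):
        self.fs.tainted_write(path, data, set(self.taint))


def scenario():
    """Constructed scenario: a file written inside the sandbox is shared
    into the trusted environment and then consumed by a trusted process."""
    fs = TrustedFS({"/home/u/notes.txt": "clean", "/etc/passwd": "root:x:0:0"})
    sb = CowSandbox("browser", fs.files)
    sb.write("/home/u/ext.xpi", "malicious")
    sb.write("/etc/passwd", "root::0:0")       # tampering stays in the overlay
    fs.share_in(sb, "/home/u/ext.xpi")         # user's explicit (mistaken) share
    proc = TrustedProcess(fs)
    proc.read("/home/u/ext.xpi")               # proc now depends on "browser"
    proc.write("/home/u/notes.txt", "clobbered")
    proc.write("/home/u/out.log", "new")
    removed, restored = fs.recover("browser")  # fine-grained rollback
    sb.discard()                               # coarse-grained: drop the footprint
    return removed, restored, fs.files, sb.footprint()
```

Running `scenario()` shows the two modes side by side: the sandbox's own writes (including the attempted `/etc/passwd` change) never reach the trusted base and vanish with `discard()`, while the shared file and the two files the dependent process wrote are rolled back by `recover()`, leaving the trusted file system exactly as it started.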
REFERENCES
[2] Microsoft Corporation. Microsoft SoftGrid. http://www.microsoft.com/systemcenter/softgrid/evaluation/virtualization.mspx, 2007.
[3] Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, and Paul Barham. Vigilante: End-to-end containment of Internet worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, United Kingdom, October 2005.
[4] Steve Friedl. Best practices for UNIX chroot() operations. http://www.unixwiz.net/techtips/chroot-practices.html, January 2002.
[6] Ashvin Goel, Kenneth Po, Kamran Farhadi, Zheng Li, and Eyal de Lara. The Taser intrusion recovery system. In Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, United Kingdom, October 2005.
[8] Matt Hines. Google buys into security, acquires GreenBorder. http://www.infoworld.com/article/07/05/29/Google-buys-into-AV_1.html, May 2007.
[11] Poul-Henning Kamp and R. N. M. Watson. Jails: Confining the omnipotent root. In Proceedings of the Second International SANE Conference, 2002.
[13] John Leyden. Spyware poses as Firefox extension. http://www.theregister.co.uk/2006/07/26/firefox_malware_extension, July 2006.
[15] capabilities(7). Linux manual page. Conforming to POSIX.1e.
[17] Bharat Mediratta. Gallery photo album organizer. http://gallery.menalto.com/, 2004.
[18] James Newsome and Dawn Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2005.
[24] A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5–19, January 2003.
[25] Douglas S. Santry, Michael J. Feeley, Norman C. Hutchinson, Alistair C. Veitch, Ross W. Carton, and Jacob Ofir. Deciding when to forget in the Elephant file system. In Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP), pages 110–123, Charleston, South Carolina, December 1999.
[26] Secure chroot barrier. Linux-VServer. http://linux-vserver.org/Secure_chroot_Barrier, viewed August 2007.
[27] Fareha Shafique. Application-level file system isolation. Master's thesis, University of Toronto, December 2007.
[28] Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson. Container-based operating system virtualization: A scalable, high-performance alternative to hypervisors. In Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys), Lisbon, Portugal, March 2007.
[29] G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Boston, MA, October 2004.
[30] Weiqing Sun, Zhenkai Liang, R. Sekar, and V. N. Venkatakrishnan. One-way isolation: An effective approach for realizing safe execution environments. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2005.
[31] Miklos Szeredi. Filesystem in Userspace (FUSE). http://fuse.sourceforge.net.
[32] D. B. Terry, M. M. Theimer, Karin Petersen, A. J. Demers, M. J. Spreitzer, and C. H. Hauser. Managing update conflicts in Bayou, a weakly connected replicated storage system. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP), pages 172–182, Copper Mountain, Colorado, December 1995.
[33] David Thiel. Exposing vulnerabilities in media software. Black Hat USA 2007, http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#thiel, August 2007.
[34] Surendra Verma and Charles Torre. Vista transactional file system. http://channel9.msdn.com/Showpost.aspx?postid=142120, December 2005.
[36] David Wagner and Dean Tribble. A security analysis of the Combex DarpaBrowser architecture. http://www.combex.com/papers/darpa-review/security-review.pdf, March 2002.
[37] Andy Watson and Paul Benn. Multiprotocol data access: NFS, CIFS, and HTTP. Technical Report TR3014, Network Appliance, Inc., 1999. http://www.netapp.com/tech_library/3014.html.
[38] Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. Making information flow explicit in HiStar. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, November 2006.
[39] Ningning Zhu and Tzi-Cker Chiueh. Design, implementation, and evaluation of repairable file service. In Proceedings of the IEEE International Conference on Dependable Systems and Networks (DSN), pages 217–226, June 2003.
CITED BY 2
Yunxin Liu, Ahmad Rahmati, Yuanhe Huang, Hyukjae Jang, Lin Zhong, Yongguang Zhang, and Shensheng Zhang. xShare: Supporting impromptu sharing of mobile phones. In Proceedings of the 7th International Conference on Mobile Systems, Applications, and Services (MobiSys), Kraków, Poland, June 2009.
INDEX TERMS
Primary Classification: D. Software; D.4 Operating Systems; D.4.6 Security and Protection. Subjects: Access controls.
Additional Classification: D. Software; D.4 Operating Systems; D.4.5 Reliability. Subjects: Fault-tolerance; Backup procedures. D.4.6 Security and Protection. Subjects: Invasive software (e.g., viruses, worms, Trojan horses). E. Data; E.5 Files. Subjects: Backup/recovery.
General Terms: Management, Reliability, Security.
Keywords: access control, copy-on-write, file systems, recovery, taint analysis, transactional file system.