Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers

Research Article

Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege

Download
413 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-04283-1_16,
        author={Niels Avonds and Raoul Strackx and Pieter Agten and Frank Piessens},
        title={Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege},
        proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2014},
        month={6},
        keywords={Privilege separation principle of least privilege modularization},
        doi={10.1007/978-3-319-04283-1_16}
    }
    
  • Niels Avonds
    Raoul Strackx
    Pieter Agten
    Frank Piessens
    Year: 2014
    Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-04283-1_16
Niels Avonds1,*, Raoul Strackx1,*, Pieter Agten1,*, Frank Piessens1,*
  • 1: KU Leuven
*Contact email: niels.avonds@student.kuleuven.be, Raoul.Strackx@cs.kuleuven.be, Pieter.Agten@cs.kuleuven.be, Frank.Piessens@cs.kuleuven.be

Abstract

Consumer devices are increasingly being used to perform security and privacy critical tasks. The software used to perform these tasks is often vulnerable to attacks, due to bugs in the application itself or in included software libraries. Recent work proposes the isolation of security-sensitive parts of applications into protected modules, each of which can only be accessed through a predefined public interface. But most parts of an application can be considered security-sensitive at some level, and an attacker that is able to gain in-application level access may be able to abuse services from protected modules.