FlexC: Flexible Compartmentalization Through Automatic Policy Generation
The single address space in monolithic kernels enables vulnerabilities to compromise the entire kernel and system. An effective approach to prevent and mitigate these vulnerabilities is compartmentalization. Previous work has mostly focused on the enforcement of compartmentalization policies; to date little research has addressed the creation of such policies. Users are assumed to manually create and supply policies via annotation. Automating this would allow policies to be optimized for different systems. Therefore, our goal is to build a system for creation and enforcement of policies that is automatic, easy to use, and allows exploration of multiple policies, tailored to the needs of the systems.
We introduce a mechanism for Flexible Compartmentalization through automatic policy generation, FlexC, which both creates and enforces arbitrary compartmentalization policies. FlexC automatically creates a code and data flow graph to represent the system being compartmentalized, based on static and dynamic analyses. It allows the user to select how to prioritize the static or dynamic information in the edges of the graph. Then, it merges vertices using a greedy algorithm into a number of compartments specified by the user, creating a compartmentalization policy that is then enforced using an LLVM pass. For systems with higher security sensitivity, FlexC can create hundreds of compartments, while users who need to prioritize performance can create as few as desired. Additionally, users can easily explore the impact of different policies on their systems and select whichever is most appropriate. We evaluated FlexC on a Linux kernel 5.10 and measured the impact on a FAT file system. Results showed an overhead with a geometric mean between 10% and 13.5% for policies with different numbers of compartments. Fine-grained policies can reduce the number of compartments that have permission to access FAT file system compartments by 60%.
Main Author: | Ortega, Carolina Perez |
---|---|
Other Authors: | Shrobe, Howard; Okhravi, Hamed; Burow, Nathan |
Department: | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science |
Degree: | M.Eng. |
Format: | Thesis |
Published: | Massachusetts Institute of Technology, 2022 (thesis dated 2022-05) |
Rights: | In Copyright - Educational Use Permitted; Copyright MIT; http://rightsstatements.org/page/InC-EDU/1.0/ |
Online Access: | https://hdl.handle.net/1721.1/144506 |