Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-18635Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Neuhaus, Stephan | - |
| dc.contributor.author | Schweizer, Remo | - |
| dc.date.accessioned | 2019-11-07T14:30:08Z | - |
| dc.date.available | 2019-11-07T14:30:08Z | - |
| dc.date.issued | 2019 | - |
| dc.identifier.isbn | 978-1-5386-7289-1 | de_CH |
| dc.identifier.issn | 0018-9219 | de_CH |
| dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/18635 | - |
| dc.description | © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | de_CH |
| dc.description.abstract | We propose Downright, a novel framework based on Seccomp, Berkeley Packet Filter, and PTrace, that makes it possible to equip new and existing C applications with a request broker architecture. An extensive configuration language allows AppArmor-like configuration that supports programmers in building rules for system call parameter validation and result sanitization. Access to these privileged function calls can be restricted both within Linux kernel and user spaces. Downright's main strength compared to related approaches is that it implements a complete mediation request broker architecture, in which all system calls are vetted before execution, either by the kernel or by a request broker, which runs as another process. This isolates the main program from many failures due to programming bugs and attacks, which would have to pass not only the attacked program, but the request broker also. We argue that this makes acquiring and releasing elevated privileges easier and safer. Downright eliminates the need to write Seccomp programs, instead allowing policies to be expressed declaratively through a rich policy language. We demonstrate the viability of this approach by instrumenting nginx, an industrial-strength web server and reverse proxy. While this instrumentation takes only a single line of code, we argue that even this effort can be avoided by suitable C runtime code. We show that Downright's overhead is substantial, halving nginx's perfomance, but propose measures for optimisation. | de_CH |
| dc.language.iso | en | de_CH |
| dc.publisher | IEEE | de_CH |
| dc.relation.ispartof | Proceedings of the IEEE | de_CH |
| dc.rights | Licence according to publishing contract | de_CH |
| dc.subject | Security | de_CH |
| dc.subject | Privileges | de_CH |
| dc.subject | Linux | de_CH |
| dc.subject | Unix | de_CH |
| dc.subject.ddc | 005: Computerprogrammierung, Programme und Daten | de_CH |
| dc.title | Downright : a framework and toolchain for privilege handling | de_CH |
| dc.type | Konferenz: Paper | de_CH |
| dcterms.type | Text | de_CH |
| zhaw.departement | School of Engineering | de_CH |
| zhaw.organisationalunit | Institut für Informatik (InIT) | de_CH |
| dc.identifier.doi | 10.1109/SecDev.2019.00019 | de_CH |
| dc.identifier.doi | 10.21256/zhaw-18635 | - |
| zhaw.conference.details | IEEE SecDev 2019, McLean, USA, 25 - 27 September 2019 | de_CH |
| zhaw.funding.eu | No | de_CH |
| zhaw.originated.zhaw | Yes | de_CH |
| zhaw.publication.status | acceptedVersion | de_CH |
| zhaw.publication.review | Peer review (Publikation) | de_CH |
| zhaw.title.proceedings | Proceedings of the 2019 IEEE Secure Development (SecDev) Conference | de_CH |
| zhaw.author.additional | No | de_CH |
| Appears in collections: | Publikationen School of Engineering | |
Show simple item record
Neuhaus, S., & Schweizer, R. (2019). Downright : a framework and toolchain for privilege handling. Proceedings of the IEEE. https://doi.org/10.1109/SecDev.2019.00019
Neuhaus, S. and Schweizer, R. (2019) ‘Downright : a framework and toolchain for privilege handling’, in Proceedings of the IEEE. IEEE. Available at: https://doi.org/10.1109/SecDev.2019.00019.
S. Neuhaus and R. Schweizer, “Downright : a framework and toolchain for privilege handling,” in Proceedings of the IEEE, 2019. doi: 10.1109/SecDev.2019.00019.
NEUHAUS, Stephan und Remo SCHWEIZER, 2019. Downright : a framework and toolchain for privilege handling. In: Proceedings of the IEEE. Conference paper. IEEE. 2019. ISBN 978-1-5386-7289-1
Neuhaus, Stephan, and Remo Schweizer. 2019. “Downright : A Framework and Toolchain for Privilege Handling.” Conference paper. In Proceedings of the IEEE. IEEE. https://doi.org/10.1109/SecDev.2019.00019.
Neuhaus, Stephan, and Remo Schweizer. “Downright : A Framework and Toolchain for Privilege Handling.” Proceedings of the IEEE, IEEE, 2019, https://doi.org/10.1109/SecDev.2019.00019.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.