Towards a Theory of Application Compartmentalisation

Conference paper in: Security Protocols XXI (Security Protocols 2013), Lecture Notes in Computer Science, volume 8263.

Abstract

Application compartmentalisation decomposes software applications into sandboxed components, each delegated only the rights it requires to operate. Compartmentalisation is seeing increased deployment in vulnerability mitigation, motivated informally by appeal to the principle of least privilege. Drawing a comparison with capability systems, we consider how a distributed system interpretation supports an argument that compartmentalisation improves application security.
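The decomposition the abstract describes, shown as an added example that is not code from the paper or its authors: a C program split into a privileged parent and a single sandboxed parser compartment, in the style of privilege-separated UNIX daemons. The child is delegated exactly two rights, an already-open read-only descriptor for the input and the write end of a pipe, and then forfeits the ability to acquire any further descriptor by lowering RLIMIT_NOFILE to 0. That rlimit is assumed here as a portable but deliberately weak stand-in for a real sandboxing primitive such as Capsicum's cap_enter(2) or seccomp; the struct, the function names and both sample inputs are constructed for the example. The parent side illustrates the distributed-system reading of the abstract: the compartment's reply is handled as a message from a possibly compromised peer, fixed in size and validated before use, so a crash or malicious output in the parser stays in the parser.

```c
/* Added example, not code from the paper: a privileged parent plus one sandboxed
 * parser compartment. RLIMIT_NOFILE=0 stands in for a real sandbox primitive. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define REPLY_MAGIC 0x5ec0de00u
#define MAX_INPUT   (1u << 20)   /* bound the work a compartment may do */

/* The only message a compartment may send. status: 0 ok, 1 input rejected,
 * 2 probe found open() still working, 3 probe failed for some other reason. */
struct reply { uint32_t magic, lines, bytes, status; };

/* Constructed sample inputs for the example. */
static const char SAMPLE[]     = "GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"; /* 3 lines */
static const char SAMPLE_BAD[] = "ok\n\0oops\n";                                 /* NUL inside */

/* Sample writer only: puts len bytes in a per-process temp file, returns its path. */
const char *write_sample(const void *data, size_t len)
{
    static char path[64];
    static int seq;
    snprintf(path, sizeof path, "/tmp/compartment-%ld-%d", (long)getpid(), seq++);
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;
    ssize_t w = write(fd, data, len); close(fd);
    return w == (ssize_t)len ? path : NULL;
}

/* Untrusted work: runs only inside the sandbox and speaks only through out_fd. */
static void compartment_main(int in_fd, int out_fd, int probe)
{
    struct reply r = { REPLY_MAGIC, 0, 0, 0 };
    struct rlimit none = { 0, 0 };
    char buf[4096]; ssize_t n, i;
    /* Forfeit the right to create descriptors; those already held still work. */
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) _exit(1);
    if (probe) {  /* prove the confinement bites: a new descriptor is refused */
        int fd = open("/dev/null", O_RDONLY);
        r.status = fd >= 0 ? 2 : (errno == EMFILE ? 0 : 3);
    } else {
        while ((n = read(in_fd, buf, sizeof buf)) > 0) {
            for (i = 0; i < n; i++) {
                if (buf[i] == '\0') { r.status = 1; goto done; }
                if (buf[i] == '\n') r.lines++;
            }
            if ((r.bytes += (uint32_t)n) > MAX_INPUT) { r.status = 1; goto done; }
        }
    }
done:
    (void)write(out_fd, &r, sizeof r);  /* one write <= PIPE_BUF, so atomic */
    _exit(0);
}

/* Parent: opens the file with its own authority, delegates just that descriptor
 * plus a pipe, and validates the reply. Returns 0 on success, -1 otherwise. */
static int run_compartment(const char *path, int probe, struct reply *out)
{
    int pfd[2], in_fd, wstatus, ok = 0; pid_t pid;
    if (pipe(pfd) != 0) return -1;
    if ((in_fd = open(path, O_RDONLY)) < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    pid = fork();
    if (pid == 0) {
        close(pfd[0]);
        compartment_main(in_fd, pfd[1], probe);  /* never returns */
    }
    close(pfd[1]);
    close(in_fd);
    if (pid > 0) {
        /* Like a message from a possibly Byzantine peer: exact size, known magic,
         * clean exit. A crash or garbage reply stays contained in the child. */
        ssize_t got = read(pfd[0], out, sizeof *out);
        ok = waitpid(pid, &wstatus, 0) == pid && WIFEXITED(wstatus) &&
             WEXITSTATUS(wstatus) == 0 && got == (ssize_t)sizeof *out &&
             out->magic == REPLY_MAGIC;
    }
    close(pfd[0]);
    return ok ? 0 : -1;
}

/* Line count of path by a parser that can reach nothing else: the count,
 * -2 if the input was rejected, -1 on sandbox failure. */
int sandboxed_line_count(const char *path)
{
    struct reply r;
    if (!path || run_compartment(path, 0, &r) != 0) return -1;
    return r.status == 0 ? (int)r.lines : r.status == 1 ? -2 : -1;
}

/* 1 if a confined child is refused a new descriptor (open() fails with EMFILE). */
int sandbox_blocks_open(void)
{
    struct reply r;
    return run_compartment("/dev/null", 1, &r) == 0 && r.status == 0;
}
```

sandbox_blocks_open() is the check to run before trusting any such confinement: it forks a confined child and confirms that open() fails with EMFILE. Note what the rlimit does not cover: the child keeps every descriptor it inherited and can still issue any other system call, which is why a production compartment needs the platform's sandbox in place of setrlimit(), with the message validation on the parent side kept just as strict.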

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Watson, R.N.M., Murdoch, S.J., Gudka, K., Anderson, J., Neumann, P.G., Laurie, B. (2013). Towards a Theory of Application Compartmentalisation. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J., Bonneau, J. (eds) Security Protocols XXI. Security Protocols 2013. Lecture Notes in Computer Science, vol 8263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41717-7_4

  • DOI: https://doi.org/10.1007/978-3-642-41717-7_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41716-0

  • Online ISBN: 978-3-642-41717-7