Abstract
Application compartmentalisation decomposes software applications into sandboxed components, each delegated only the rights it requires to operate. Compartmentalisation is seeing increased deployment in vulnerability mitigation, motivated informally by appeal to the principle of least privilege. Drawing a comparison with capability systems, we consider how a distributed system interpretation supports an argument that compartmentalisation improves application security.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Watson, R.N.M., Murdoch, S.J., Gudka, K., Anderson, J., Neumann, P.G., Laurie, B. (2013). Towards a Theory of Application Compartmentalisation. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J., Bonneau, J. (eds) Security Protocols XXI. Security Protocols 2013. Lecture Notes in Computer Science, vol 8263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41717-7_4
DOI: https://doi.org/10.1007/978-3-642-41717-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41716-0
Online ISBN: 978-3-642-41717-7
eBook Packages: Computer Science (R0)