@inproceedings{10.1145/3447852.3458717,
author = {Huang, Zhen and Jaeger, Trent and Tan, Gang},
title = {{Fine-grained Program Partitioning for Security}},
year = {2021},
isbn = {9781450383370},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3447852.3458717},
doi = {10.1145/3447852.3458717},
abstract = {Complex software systems are often not designed with the principle of least privilege, which requires each component be given the minimum amount of privileges to function. As a result, software vulnerabilities in less privileged code can lead to privilege escalation, defeating security and privacy. Privilege separation is the process of automatically partitioning a software system into least privileged components, and we argue that it is effective at reducing the attack surface. However, previous privilege-separation systems do not provide fine-grained separation of privileged code and non-privileged code co-existing in the same function for C/C++ applications. We propose a fine-grained partitioning technique for supporting fine-grained separation in automatic program partitioning. The technique has been applied to a set of security-sensitive networking and interactive programs. Results show that it can automatically generate executable partitions for C applications; further, partitioned programs incur acceptable runtime overheads.},
booktitle = {Proceedings of the 14th European Workshop on Systems Security},
pages = {21--26},
numpages = {6},
keywords = {software security, program analysis, program partitioning, principle of least privilege},
location = {Online, United Kingdom},
series = {EuroSec '21}
}