Bugtraq mailing list archives
Re: Need help. Proof of concept 100% security.
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 15 Aug 2003 12:56:10 -0700
Balwinder Singh wrote:
This sounds somewhat similar to our SubDomain <http://immunix.org/subdomain.html> product, which profiles applications in terms of what files they may access. It sounds very similar to the approach taken by Systrace <http://www.citi.umich.edu/u/provos/systrace/>, Okena <http://newsroom.cisco.com/dlls/corp_012403.html> and Entercept <http://www.entercept.com/>, which like EFC, profile applications in terms of which system calls they may invoke.I have developed an application, which I believe can provide 100% security against various attacks.I can hear people laughing. Hmm.. The applications is called Execution Flow Control (EFC). Details of software can be found at http://203.197.88.14/efc
At least Systrace also allows you to profile the arguments presented to syscalls, so you can fake SubDomain's file access control paradigm. This is important, because "touch /etc/pointless" is rather different from "touch /etc/hosts.allow". It is unclear from the EFC documents if EFC supports argument profiling.
The advantages of syscall access control: * more expressive: if you know that application Foo has no business calling e.g. mkdir, then you can catch exploits that try to leverage that kind of thing. The advantages of SubDomain: * It is easier to generate a file access profile for an application than a syscall profile. Instead, SubDomain just has a long list of prohibited/dangerous syscalls for confined applications, letting the admin think about important stuff (which files to grant access to) and ignore less important stuff (who cares if *this* app calls getpid?). * Syscall mediation is prone to race conditions inside the kernel if it is implemented using syscall interposition. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
Current thread:
- Need help. Proof of concept 100% security. Balwinder Singh (Aug 15)
- Re: Need help. Proof of concept 100% security. Nicholas Weaver (Aug 15)
- Re: Need help. Proof of concept 100% security. Clifton Royston (Aug 15)
- Re: Need help. Proof of concept 100% security. Balwinder Singh (Aug 18)
- Re: Need help. Proof of concept 100% security. Kyle Roger Hofmann (Aug 19)
- Re: Need help. Proof of concept 100% security. Balwinder Singh (Aug 18)
- Re: Need help. Proof of concept 100% security. Crispin Cowan (Aug 15)
- Re: Need help. Proof of concept 100% security. Alaric B Snell (Aug 18)
- Re: Need help. Proof of concept 100% security. Anil Madhavapeddy (Aug 18)
- Re: Need help. Proof of concept 100% security. ari (Aug 20)
- Re: Need help. Proof of concept 100% security. Anil Madhavapeddy (Aug 18)
- Re: Need help. Proof of concept 100% security. Stefano Zanero (Aug 18)
- <Possible follow-ups>
- RE: Need help. Proof of concept 100% security. Joyce, MP (Matthew) (Aug 18)
- Re: Need help. Proof of concept 100% security. Evan Teran (Aug 18)
- Re: Need help. Proof of concept 100% security. xenophi1e (Aug 19)
- Re: Need help. Proof of concept 100% security. Balwinder Singh (Aug 21)