THIS IS A CONTINUATION OF N00014-14-1-0386 LockdownOS: a Component-Based Foundation for System Monitoring, Quarantine, and Recovery

Abstract

Why are rootkits successful? A main reason is that they insert themselves into, and are indistinguishable from, operating system (OS) code. For example, consider an application that unwittingly downloads a malicious executable that mounts a privilege escalation attack, such as CVE-2013-2094. This particular attack exploits an obscure bug in the Linux kernel to get root access via a seemingly harmless syscall. But why, with all of the security mechanisms that now come standard with Linux, does this bug introduce an exploitable vulnerability that impacts all principals in the system? The root of the problem is that large monolithic operating systems and applications not only greatly increase the OS attack surface, but also allow malicious principals to hide and prevent the negative effects of an attack from being quarantined. This proposal presents LOCKDOWNOS, a system that enables the quarantining of possibly malicious principals (e.g. specific web clients) from the rest, to completely prevent compromises from having global impacts on information systems. In contrast to existing monolithic systems, LOCKDOWNOS is based on pervasive inter-service isolation via a component-based operating system to prevent the propagation of compromises between system services. Additionally, LOCKDOWNOS focuses on (1) fine-grained, end-to-end tracking of each principal's resources and access control, (2) component splitting to replicate a set of system services (including even the lowest-level functionalities) for specific principals, and (3) access control for time to prevent principals from mounting denial-of-service attacks.
These novel mechanisms combine to yield a system in which fine-grained isolation between the many pieces of software on the system, together with fine-grained, dynamic quarantining of principals from each other, prevents unknown or unexpected compromises from impacting the mission of both the information infrastructure and the embedded and real-time systems controlling physical assets.
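To make mechanism (3) concrete, the following simulation is an added illustration, not code from the proposal or from LockdownOS, of what "access control for time" buys against a denial-of-service principal. One scheduling period is modelled twice: first with a plain first-come, first-served CPU (no time access control), then with a per-principal time allocation that is replenished each period and that a principal cannot exceed. The principal names, the budgets, the 10 ms period and the flooding workload are all constructed assumptions chosen only to show the effect.

```python
"""Toy model of per-principal CPU-time budgets as an access-control mechanism.

Constructed example: not LockdownOS code. It contrasts a period scheduled
first-come, first-served with one where each principal owns a fixed time
allocation, so a flooding principal can only starve itself.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PERIOD_US = 10_000  # assumption: one scheduling period of 10 ms

# Assumption: the CPU time (microseconds per period) granted to each principal.
# The allocations sum to less than PERIOD_US so the set is schedulable.
BUDGETS_US: Dict[str, int] = {
    "web-client-A": 4_000,
    "web-client-B": 4_000,
    "control-loop": 2_000,
}

Request = Tuple[str, int]  # (principal, CPU time requested in microseconds)


def flood_requests() -> List[Request]:
    """Constructed workload: A floods the CPU, B and the control loop behave."""
    reqs: List[Request] = [("web-client-A", 500)] * 50   # 25 ms demanded in a 10 ms period
    reqs += [("web-client-B", 1_000)] * 3
    reqs += [("control-loop", 1_000)] * 2
    return reqs


@dataclass
class Outcome:
    served_us: Dict[str, int]   # CPU time each principal actually received
    denied: Dict[str, int]      # requests refused per principal


def fifo_period(requests: List[Request], period_us: int = PERIOD_US) -> Outcome:
    """No access control for time: whoever asks first holds the CPU until the period is used up."""
    served = {p: 0 for p in BUDGETS_US}
    denied = {p: 0 for p in BUDGETS_US}
    free = period_us
    for principal, cost in requests:
        if cost <= free:
            free -= cost
            served[principal] = served.get(principal, 0) + cost
        else:
            denied[principal] = denied.get(principal, 0) + 1
    return Outcome(served, denied)


def budgeted_period(requests: List[Request],
                    budgets: Dict[str, int] = BUDGETS_US,
                    period_us: int = PERIOD_US) -> Outcome:
    """Access control for time: a principal may only spend its own allocation.

    An unknown principal has no allocation and is therefore always denied.
    """
    assert sum(budgets.values()) <= period_us, "allocations must fit in the period"
    remaining = dict(budgets)   # replenished at the start of every period
    served = {p: 0 for p in budgets}
    denied = {p: 0 for p in budgets}
    for principal, cost in requests:
        if cost <= remaining.get(principal, 0):
            remaining[principal] -= cost
            served[principal] += cost
        else:
            denied[principal] = denied.get(principal, 0) + 1
    return Outcome(served, denied)


if __name__ == "__main__":
    reqs = flood_requests()
    print("fifo    :", fifo_period(reqs))
    print("budgeted:", budgeted_period(reqs))
```

Under the FIFO policy the flooding client takes the entire period and both the second client and the control loop get nothing, which is exactly the "global impact" the abstract describes. With the per-principal allocation the flooder exhausts only its own 4 ms, while the other principals receive their full allocations; the denial is confined to the misbehaving principal. A real implementation would enforce the budget in the scheduler with a timer interrupt rather than by trusting the requested cost, but the policy decision is the same.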

Document Details

Document Type
DoD Grant Award
Publication Date
Jun 10, 2016
Source ID
N000141612236

Entities

People

  • Gabriel Parmer

Organizations

  • George Washington University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development