Free Willy: Prune System Calls to Enhance Software Security
Authors: Charlie Groh, Sergej Proskurin, Apostolis Zarras
Journal: Applied Computing Review (journal article), published 2023-03-27
DOI: 10.1145/3555776.3577593 (https://doi.org/10.1145/3555776.3577593)

Abstract
Many privilege escalation exploits on Linux abuse vulnerable system calls to threaten the system's security. Therefore, various seccomp policy generation frameworks based on static and dynamic analysis have emerged. Yet, they either focus on a subset of the available binaries or are constrained by the inherent properties of dynamic, testing-based analysis, which is prone to false negatives. In this paper, we present Jesse, a static-analysis-based framework for generating seccomp policies for ELF binaries. We design and implement an abstract-interpretation-based constant propagation that helps the analyst identify the vital system calls of arbitrary, non-obfuscated binaries. Using the extracted results, Jesse allows producing effective seccomp policies, reducing the system's attack vector. To assess Jesse's effectiveness and accuracy, we have applied our system to over 1,000 ELF binaries from Debian 10, and show that, contrary to existing solutions, Jesse produces accurate and safely approximated results without relying on any properties of the target binaries. In addition, we conduct a case study in which we combine Jesse's constant propagation strategy with container debloating techniques to produce seccomp policies that restrict, on average, up to five times more system calls than Docker's default seccomp policy.