TY - GEN
T1 - Lock-in-pop
T2 - 2017 USENIX Annual Technical Conference, USENIX ATC 2017
AU - Li, Yiwen
AU - Dolan-Gavitt, Brendan
AU - Weber, Sam
AU - Cappos, Justin
N1 - Publisher Copyright:
© USENIX Annual Technical Conference, USENIX ATC 2017. All rights reserved.
PY - 2019
Y1 - 2019
AB - Virtual machines (VMs) that try to isolate untrusted code are widely used in practice. However, it is often possible to trigger zero-day flaws in the host Operating System (OS) from inside of such virtualized systems. In this paper, we propose a new security metric showing strong correlation between “popular paths” and kernel vulnerabilities. We verify that the OS kernel paths accessed by popular applications in everyday use contain significantly fewer security bugs than less-used paths. We then demonstrate that this observation is useful in practice by building a prototype system which locks an application into using only popular OS kernel paths. By doing so, we demonstrate that we can prevent the triggering of zero-day kernel bugs significantly better than three other competing approaches, and argue that this is a practical approach to secure system design.
UR - http://www.scopus.com/inward/record.url?scp=85053871839&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053871839&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85053871839
T3 - Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017
SP - 1
EP - 13
BT - Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017
PB - USENIX Association
Y2 - 12 July 2017 through 14 July 2017
ER -