Please use this identifier to cite or link to this item:
https://doi.org/10.1109/ASE.2013.6693091
Title: Automatically partition software into least privilege components using dynamic data dependency analysis
Authors: Wu, Y.; Sun, J.; Liu, Y.; Dong, J.S.
Issue Date: 2013
Citation: Wu, Y., Sun, J., Liu, Y., Dong, J.S. (2013). Automatically partition software into least privilege components using dynamic data dependency analysis. 2013 28th IEEE/ACM International Conference on Automated Software Engineering, ASE 2013 - Proceedings: 323-333. ScholarBank@NUS Repository. https://doi.org/10.1109/ASE.2013.6693091
Abstract: The principle of least privilege requires that software components should be granted only necessary privileges, so that compromising one component does not lead to compromising others. However, writing privilege separated software is difficult and as a result, a large number of software is monolithic, i.e., it runs as a whole without separation. Manually rewriting monolithic software into privilege separated software requires significant effort and can be error prone. We propose ProgramCutter, a novel approach to automatically partitioning monolithic software using dynamic data dependency analysis. ProgramCutter works by constructing a data dependency graph whose nodes are functions and edges are data dependencies between functions. The graph is then partitioned into subgraphs where each subgraph represents a least privilege component. The privilege separated software runs each component in a separated process with confined system privileges. We evaluate it by applying it on four open source software. We can reduce the privileged part of the program from 100% to below 22%, while having a reasonable execution time overhead. Since ProgramCutter does not require any expert knowledge of the software, it not only can be used by its developers for software refactoring, but also by end users or system administrators.
Our contributions are threefold: (i) we define a quantitative measure of the security and performance of privilege separation; (ii) we propose a graph-based approach to compute the optimal separation based on dynamic information flow analysis; and (iii) the separation process is automatic and does not require expert knowledge of the software. © 2013 IEEE.
Source Title: 2013 28th IEEE/ACM International Conference on Automated Software Engineering, ASE 2013 - Proceedings
URI: http://scholarbank.nus.edu.sg/handle/10635/78036
ISBN: 9781479902156
DOI: 10.1109/ASE.2013.6693091
Appears in Collections: Staff Publications