Automated Policy Synthesis for System Call Sandboxing
System call whitelisting is a powerful sandboxing approach that can significantly reduce the capabilities of an attacker if an application is compromised. Given a policy that specifies which system calls can be invoked with what arguments, a sandboxing framework terminates any execution that violates the policy. While this mechanism greatly reduces the attack surface of a system, manually constructing these policies is time-consuming and error-prone. As a result, many applications —including those that take untrusted user input— opt not to use a system call sandbox.
Motivated by this problem, we propose a technique for automatically constructing system call whitelisting policies for a given application and policy DSL. Our method combines static code analysis and program synthesis to construct sound and precise policies that never erroneously terminate the application, while restricting the program’s system call usage as much as possible. We have implemented our approach in a tool called Abhayaand experimentally evaluate it 493 Linux and OpenBSD applications by automatically synthesizing Seccomp-bpfand Pledgepolicies. Our experimental results indicate that Abhayacan efficiently generate useful and precise sandboxes for real-world applications.
Fri 22 OctDisplayed time zone: Central Time (US & Canada) change
13:50 - 15:10
|Gradual Verification of Recursive Heap Data Structures|
|Formulog: Datalog for SMT-based Static Analysis|
|Compiling Symbolic Execution with Staging and Algebraic Effects|
|Automated Policy Synthesis for System Call Sandboxing|
Shankara Pailoor University of Texas at Austin, Xinyu Wang University of Michigan, Hovav Shacham University of Texas at Austin, Isil Dillig University of Texas at AustinDOI
|Discussion, Questions and Answers|