
Component-Oriented Monitoring of Binaries for Security

Rajkumar, Raghavendra; Wang, Andrew; Hiser, Jason; NguyenTuong, Anh; Davidson, Jack; Knight, John
Security monitoring systems typically operate at the process level. Various authors have indicated that monitoring at a finer level of granularity than the process is highly desirable. In this paper, we introduce COMB, a framework for imposing policies that confine the behavior of applications. Unlike previous approaches, our technique is applied per component (functions, libraries, and/or plugins) while requiring only the availability of the binary executable form of the program. To demonstrate the feasibility of COMB, we report a case study on a real-world, representative program, the Firefox web browser. Two characteristics of Firefox permit possibly untrusted code to be executed. First, it provides an extensible architecture that allows third-party developers to extend its functionality, and second, it makes use of more than 150 external libraries. Using a simple system-call monitoring policy applied to Firefox plugins, we show that COMB can provide protection with reasonable overhead.

The policies that COMB enforces include those associated with sequences of actions, including sequences involving multiple components. In typical applications, process-level monitoring forces identical monitoring policies to be applied to the entire program. We refer to such monitoring techniques as coarse-grained. Several authors have observed that fine-grained monitoring, as provided by COMB, would improve the accuracy of many security techniques [7][13][16][17][24].

Note: Abstract extracted from PDF text
Date Received
University of Virginia, Department of Computer Science, 2009
Published Date
Libra Open Repository
Rights: In Copyright