Towards an automated generation of application confinement policies with binary analysis
- Resource Type: Conference
- Authors: Rauter, Tobias; Holler, Andrea; Kajtazovic, Nermin; Kreiner, Christian
- Source: 2015 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1-6, May 2015
- Subject: Communication, Networking and Broadcast Technologies; Computing and Processing; Resource management; Software; Servers; Access control; Libraries; Sockets; Data mining
- Language
Application-based access control technologies are used to protect systems from malicious or compromised software. Existing rule-based access control systems rely on a comprehensive policy, which defines the resources an application is allowed to access. The generation of these policies is a hard and error-prone task for system engineers. In this work, we provide a framework to automate this task and a proof-of-concept implementation that uses binary analysis to generate a model of the resource requirements of an application. We use a new approach to refine the policy by connecting different accesses to the same resource via their least common ancestor (LCA) in the call graph. Moreover, we tested the proposed methods with a commonly used web server, and they show a high potential to significantly simplify the policy generation process.