improving the Seatbelt system
- Subject: improving the Seatbelt system
- From: Michael Roitzsch <email@hidden>
- Date: Sat, 26 Jan 2008 16:53:52 +0100
Hi Darwin team,
I am not sure if this is the right place to discuss this, but it's
the closest I have found. Please suggest other forums if this is
inappropriate here.
I would like to suggest and discuss an enhancement to the "seatbelt"
sandbox system that ships with Leopard. Currently, the sandbox seems
to be merely a static system call filter. I think this already
provides additional security for the processes using it and my guess
is that Apple will extend this in future versions of Mac OS X. However,
I recently came across a technology that would in my opinion provide
great benefit to seatbelt.
The technology is called "model-carrying code" (MCC). The idea was
published at the SOSP 2003 conference. The paper is available for
download, for example here: http://seclab.cs.sunysb.edu/seclab1/pubs/papers/sosp03.pdf
In a nutshell: This also implements a system call filter (that's why I
think it fits seatbelt's model nicely), but instead of being a static
filter, MCC provides stateful dynamic filtering. It has to be trained
to capture an application's normal behavior (this could be
supplemented with static code analysis) and can then be enabled to
detect abnormal behavior (e.g. control flow taken over by an attacker)
at runtime. It will catch more attack scenarios than a static filter.
I just wanted to raise awareness of this technology amongst the Darwin
hackers. Maybe someone thinks this is a nice idea.
Michael Roitzsch
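As an added illustration of the static-versus-stateful distinction the post draws (toy code written for this page, not from the MCC paper, from seatbelt, or from the author), the following contrasts a plain syscall allow-list with a model trained on normal traces; the traces are constructed and the one-step transition model is a deliberate simplification of the paper's automaton-based approach:

```python
"""Static syscall allow-list versus a stateful model learned from
normal runs (simplified stand-in for model-carrying code)."""
from collections import defaultdict

# Constructed traces of an imaginary program's normal executions.
TRAINING_TRACES = [
    ["open", "read", "read", "close", "write", "exit"],
    ["open", "read", "close", "write", "exit"],
    ["open", "read", "read", "read", "close", "write", "write", "exit"],
]


class StaticFilter:
    """Allow-list of syscall names; no memory of earlier calls."""
    def __init__(self, traces):
        self.allowed = {call for t in traces for call in t}

    def check(self, trace):
        # Returns (ok, index_of_first_violation_or_None).
        for i, call in enumerate(trace):
            if call not in self.allowed:
                return (False, i)
        return (True, None)


class StatefulModel:
    """Finite-state model: only transitions seen in training are allowed."""
    START, END = "<start>", "<end>"

    def __init__(self, traces):
        self.next_ok = defaultdict(set)
        for t in traces:
            seq = [self.START] + list(t) + [self.END]
            for prev, cur in zip(seq, seq[1:]):
                self.next_ok[prev].add(cur)

    def check(self, trace):
        state = self.START
        for i, call in enumerate(list(trace) + [self.END]):
            if call not in self.next_ok[state]:
                return (False, i)  # control flow diverged from the model
            state = call
        return (True, None)


# Constructed run: only familiar syscalls, but in an order the program
# never exhibited (write before any read). The static filter passes it;
# the stateful model rejects it at the second call.
SUSPICIOUS = ["open", "write", "read", "close", "exit"]


def compare(trace):
    """Return (static_verdict, stateful_verdict) for one trace."""
    return (StaticFilter(TRAINING_TRACES).check(trace),
            StatefulModel(TRAINING_TRACES).check(trace))
```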