Paper Title
Computerized Isolation and Little Privilege in Net Assistances
Abstract
In many client-facing applications, a vulnerability in any part can compromise the entire application. This paper describes the design and implementation of Passes, a system that protects a data store from unintended data leaks and unauthorized writes even in the face of application compromise. Passes automatically splits applications into sandboxed processes. Passes limits communication between those components and the types of accesses each component can make to shared storage, such as a backend database. In order to limit components to their little privilege, Passes uses dynamic analysis on developer-supplied end-to-end test cases to learn data and control-flow relationships between database queries and previous query results, and it then strongly enforces those relationships.Our prototype of Passes acts as a drop in replacement for the net framework. By running eleven unmodified, off-the-shelf applications in Passes, we demonstrate its ability to provide strong security guarantees�Passes correctly enforced 96% of the applications� policies�with little additional overhead. Addtionally, in the net-specific setting of the prototype, we also mitigate the cross-component effects of cross-site scripting (XSS) attacks by combining browser HTML5 sandboxing techniques with our automatic component separation.
Keywords- security policy inference; isolation; capabilities; principle of little privilege; net security