Dynamic information-flow enforcement systems automatically protect applications against confidentiality and integrity threats. Unfortunately, existing solutions cause undesirable side effects, if not crashes, due to unconstrained modification of run-time values (e.g. anonymizing sensitive identifiers even when these are used for authentication). To address this problem, we present Functionality-Aware Security Enforcement (FASE), a lightweight approach for efficiently securing applications without breaking their functionality. The key idea is to let developers specify functionality constraints and then use a run-time synthesizer to replace sensitive values with constraint-compliant ones. Concretely, FASE consists of: (i) an efficient fine-grained dataflow- tracking engine, (ii) a domain-specific language (DSL) for expressing functionality constraints, (iii) a synthesizer that derives constraint-compliant values at security-sensitive operations, and (iv) an enforcement mechanism that automatically repairs illicit flows at run time. We instantiated FASE to the problem of securing Android applications. Our experiments show that the FASE system is useful in practice: Its average run-time overhead is <12%; it avoids the crashes, side effects, and run-time errors exhibited by existing solutions; and the constraints in the FASE DSL are readable and concise.

FASE: Functionality-aware security enforcement

Ferrara P
2016

Abstract

Dynamic information-flow enforcement systems automatically protect applications against confidentiality and integrity threats. Unfortunately, existing solutions cause undesirable side effects, if not crashes, due to unconstrained modification of run-time values (e.g. anonymizing sensitive identifiers even when these are used for authentication). To address this problem, we present Functionality-Aware Security Enforcement (FASE), a lightweight approach for efficiently securing applications without breaking their functionality. The key idea is to let developers specify functionality constraints and then use a run-time synthesizer to replace sensitive values with constraint-compliant ones. Concretely, FASE consists of: (i) an efficient fine-grained dataflow- tracking engine, (ii) a domain-specific language (DSL) for expressing functionality constraints, (iii) a synthesizer that derives constraint-compliant values at security-sensitive operations, and (iv) an enforcement mechanism that automatically repairs illicit flows at run time. We instantiated FASE to the problem of securing Android applications. Our experiments show that the FASE system is useful in practice: Its average run-time overhead is <12%; it avoids the crashes, side effects, and run-time errors exhibited by existing solutions; and the constraints in the FASE DSL are readable and concise.
32nd Annual Computer Security Applications Conference, ACSAC 2016
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3730041
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 2
social impact