FlexC: Flexible Compartmentalization Through Automatic Policy Generation

Author(s)
Ortega, Carolina Perez
Advisor
Shrobe, Howard
Okhravi, Hamed
Burow, Nathan
Terms of use
In Copyright - Educational Use Permitted Copyright MIT http://rightsstatements.org/page/InC-EDU/1.0/
Abstract
The single address space in monolithic kernels enables vulnerabilities to compromise the entire kernel and system. An effective approach to prevent and mitigate these vulnerabilities is compartmentalization. Previous work has mostly focused on the enforcement of compartmentalization policies; to date little research has addressed the creation of such policies. Users are assumed to manually create and supply policies via annotation. Automating this would allow policies to be optimized for different systems. Therefore, our goal is to build a system for creation and enforcement of policies that is automatic, easy to use, and allows exploration of multiple policies, tailored to the needs of the systems. We introduce a mechanism for Flexible Compartmentalization through automatic policy generation, FlexC, which both creates and enforces arbitrary compartmentalization policies. FlexC automatically creates a code and data flow graph to represent the system being compartmentalized, based on static and dynamic analyses. It allows the user to select how to prioritize the static or dynamic information in the edges of the graph. Then, it merges vertices using a greedy algorithm, into a number of compartments specified by the user, creating a compartmentalization policy that is then enforced using an LLVM pass. For systems with higher security sensitivity, FlexC can create hundreds of compartments, while users that need to prioritize performance can create as few as desired. Additionally, users can easily explore the impact of different policies on their systems, and select whichever is most appropriate. We evaluated FlexC on a Linux kernel 5.10, and measured the impact on a FAT file system. Results showed an overhead with a geometric mean between 10% and 13.5% for policies with different numbers of compartments. Fine-grained policies can reduce the number of compartments that have permission to access FAT file system compartments by 60%.
Date issued
2022-05
URI
https://hdl.handle.net/1721.1/144506
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology

Collections
  • Graduate Theses
