BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Wedge: Splitting Applications into Reduced-Privilege Compartments 
 - Andrea Bittau (UCL)
DTSTART:20090212T160000Z
DTEND:20090212T170000Z
UID:TALK16616@talks.cam.ac.uk
CONTACT:Eiko Yoneki
DESCRIPTION:Most applications today run as single processes\, allowing suc
 cessful attackers to access all of the process's memory and sensitive data
 .  We intend to reverse this situation by splitting applications into mult
 iple compartments that hold no privileges by default\, and allowing progra
 mmers to explicitly grant privileges and memory permissions\, therefore co
 ntrolling the damage of potential exploits.\nOur system Wedge is composed 
 of two synergistic parts: the sthread OS primitives that allow programmers
  to create default-deny compartments with explicitly set privileges\, and 
 Crowbar\, a tool that run-time analyzes existing applications to help iden
 tify potential sthreads along with their required memory and file descript
 or permissions\, allowing a simpler migration of existing code to sthreads
 .  We applied sthreads to SSL-enabled Apache protecting the privacy of use
 r data even against a powerful attacker who can both exploit large par
 ts of the server and also act as a man-in-the-middle in the network\; a
 ll at a 20--
 40% performance cost.  Finally we describe a userland implementation of st
 hreads that does not sacrifice performance thanks to the careful (ab)use o
 f UNIX APIs.\n\nBio: Andrea Bittau is a PhD student at UCL working on oper
 ating system support for application security\, supervised by Mark Handley
  and Brad Karp.  His past projects include the fragmentation attack for 80
 2.11 WEP networks\, where an attacker can spoof and eavesdrop data without
  needing the WEP key\, and developing the first open source Bluetooth snif
 fer\, based on GNU radio.\n
LOCATION:SS03\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
