BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Protecting Programs During Resource Retrieval - Trent Jaeger\, Pen
 n State University
DTSTART:20140428T090000Z
DTEND:20140428T100000Z
UID:TALK52338@talks.cam.ac.uk
CONTACT:Microsoft Research Cambridge Talks Admins
DESCRIPTION:Programs must retrieve many system resources to execute proper
 ly\, but there are several classes of vulnerabilities that may befall prog
 rams during resource retrieval.  These vulnerabilities are difficult for p
 rogrammers to eliminate because their cause is external to the program: ad
 versaries may control the inputs used to build names\, name spaces used to
  find the target resources\, and the target resources themselves to trick 
 victim programs into retrieving resources of the adversaries'
  choosing.  In th
 is talk\, I will present a system mechanism\, called the Process Firewall\
 , that protects programs from vulnerabilities during resource retrieval b
 y introspecting into running programs to enforce context-specific rules.  
 Our key insight is that using introspection to prevent such vulnerabilitie
 s is safe because we only aim to protect processes\, relying on access con
 trol to confine malicious processes.  I will show that the Process Firewal
 l can prevent many types of vulnerabilities during resource retrieval\, in
 cluding those involving race conditions.  I will also show how to perform 
 such introspection and enforcement efficiently\, incurring much lower over
 head than equivalent program defenses.  Finally\, I will describe a concep
 tual model that describes the conditions for safe resource retrieval\, and
  outline how to produce enforceable rules from that model.  By following t
 his model\, we find that the Process Firewall mechanism can prevent many v
 ulnerabilities during resource retrieval without causing false positives.
LOCATION:Auditorium\, Microsoft Research Ltd\, 21 Station Road\, Cambridge
 \, CB1 2FB
END:VEVENT
END:VCALENDAR
