Trusted Enforcement of Application-specific Security Policies

05/05/2021
by   Marius Schlegel, et al.

While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases, rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture AppSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and thus to easily tailor an AppSPEAR implementation to individual application requirements. We especially argue that hardware-based trusted execution environments offer an optimal balance between effectiveness and efficiency of policy protection and enforcement. This claim is substantiated by a practical evaluation based on an electronic medical record system.


01/16/2021

T-Lease: A Trusted Lease Primitive for Distributed Systems

A lease is an important primitive for building distributed protocols, an...
07/15/2021

Deriving Static Security Testing from Runtime Security Protection for Web Applications

Context: Static Application Security Testing (SAST) and Runtime Applicat...
06/17/2021

Hardware-Enforced Integrity and Provenance for Distributed Code Deployments

Deployed microservices must adhere to a multitude of application-level s...
02/10/2021

DOVE: A Data-Oblivious Virtual Environment

Users can improve the security of remote communications by using Trusted...
09/01/2021

CorbFuzz: Checking Browser Security Policies with Fuzzing

Browsers use security policies to block malicious behaviors. Cross-Origi...
02/13/2021

BPFContain: Fixing the Soft Underbelly of Container Security

Linux containers currently provide limited isolation guarantees. While c...
06/17/2021

Enabling Security-Oriented Orchestration of Microservices

As cloud providers push multi-tenancy to new levels to meet growing scal...