Automated Program Hardening via Hoisted Privilege Reductions

(Thesis) M.Sc.
Privilege-based security policies for programs are effective as a first line of defense against attacks. They are able to mitigate broad classes of attacks against programs, potentially saving the costs of searching for and mitigating specific vulnerabilities. Deploying such techniques, however, requires expert knowledge and manual analysis of programs. We propose Passive Privilege Inference and Reducer (PPIR), a technique driven by a novel static analysis that automates the process of inferring the privileges required by a program. We develop a tool that uses this technique to infer the privileges required by a program and instrument it with a security policy to enforce the Principle of Least Privilege. We show that PPIR performs on par with handcrafted security measures while eliminating the manual burden of investigating and inserting privileges. PPIR further enables the potential to progressively reduce privileges as a program executes.
Thesis advisor: Sumner, William
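As an added illustration (not the thesis's analysis or tool), the following Python sketch shows, on a deliberately simplified model, the two ideas the abstract names: inferring the privilege set a program needs, and hoisting each privilege reduction to the earliest point execution allows, that is, immediately after the last operation that needs it. It assumes a straight-line program whose operations carry privilege labels; the operation names and labels are constructed for the example, and the enforcement step is a simulator rather than a real OS mechanism such as pledge or seccomp.

```python
"""Liveness-style inference and hoisting of privilege reductions (illustrative model)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

Privs = FrozenSet[str]


@dataclass(frozen=True)
class Op:
    """One program operation and the privileges it requires (constructed labels)."""
    name: str
    needs: Privs


def needed_from(ops: List[Op]) -> List[Privs]:
    """Backward pass: result[i] is the set of privileges required by ops[i:].

    result[len(ops)] is empty: nothing is needed once the program has finished.
    """
    result: List[Privs] = [frozenset()] * (len(ops) + 1)
    for i in range(len(ops) - 1, -1, -1):
        result[i] = ops[i].needs | result[i + 1]
    return result


def infer_policy(ops: List[Op]) -> Tuple[Privs, List[Privs]]:
    """Return (initial privilege set, drops).

    drops[i] is the set of privileges that can be dropped immediately after ops[i]
    because no later operation needs them; this is the hoisted reduction point.
    """
    live = needed_from(ops)
    initial = live[0]
    drops = [live[i] - live[i + 1] for i in range(len(ops))]
    return initial, drops


def enforce(ops: List[Op], initial: Privs, drops: List[Privs]) -> Optional[str]:
    """Simulate execution under the inferred policy.

    Each operation must be covered by the current privilege set; after it runs the
    hoisted drop is applied. Returns the name of the first operation that lacks a
    privilege (e.g. unexpected behaviour after a compromise), or None if all pass.
    """
    current = set(initial)
    for i, op in enumerate(ops):
        if op.needs - current:
            return op.name
        if i < len(drops):
            current -= drops[i]
    return None


# Constructed sample program: a small server that reads config, binds a port,
# reads a data file, logs, and then serves requests.
PROGRAM: List[Op] = [
    Op("load_config", frozenset({"fs-read"})),
    Op("bind_port", frozenset({"net-bind"})),
    Op("read_data", frozenset({"fs-read"})),
    Op("write_log", frozenset({"fs-write"})),
    Op("serve", frozenset({"net-io", "fs-write"})),
]


if __name__ == "__main__":
    initial, drops = infer_policy(PROGRAM)
    print("initial privileges:", sorted(initial))
    for op, drop in zip(PROGRAM, drops):
        print(f"  {op.name:12s} needs {sorted(op.needs)}")
        if drop:
            print(f"  -> drop {sorted(drop)} right after {op.name}")
    # Behaviour the policy did not predict (here: re-binding after serving) is blocked.
    tampered = PROGRAM + [Op("rebind", frozenset({"net-bind"}))]
    print("violation:", enforce(tampered, initial, drops))
```

With this input the inference places the `net-bind` drop immediately after `bind_port` and the `fs-read` drop after `read_data`, so the request-serving phase runs with only the privileges it still needs; an operation that later asks for a dropped privilege is reported by `enforce`. In a real program the same backward pass has to run over the control-flow graph (taking the union over all successors at a branch), which is where a static analysis like the one the abstract describes does its work.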
