Automated Program Hardening via Hoisted Privilege Reductions

Thesis type
(Thesis) M.Sc.
Date created
2019-09-24
Abstract
Privilege-based security policies for programs are effective as a first line of defense against attacks. They are able to mitigate broad classes of attacks against programs, potentially saving the costs of searching for and mitigating specific vulnerabilities. Deploying such techniques, however, requires expert knowledge and manual analysis of programs. We propose Passive Privilege Inference and Reducer (PPIR), a technique driven by a novel static analysis that automates the process of inferring the privileges required by a program. We develop a tool that uses this technique to infer the privileges required by a program and instrument it with a security policy to enforce the Principle of Least Privilege. We show that PPIR performs on par with handcrafted security measures while eliminating the manual burden of investigating and inserting privileges. PPIR further enables the potential to progressively reduce privileges as a program executes.
Identifier
etd20703
Copyright statement
Copyright is held by the author.
Permissions
This thesis may be printed or downloaded for non-commercial research and scholarly purposes.
Supervisor or Senior Supervisor
Thesis advisor: Sumner, William
Attachment Size
etd20703.pdf 669.06 KB