Search for: All records

Compartmentalization decomposes applications into isolated components, effectively confining the scope of potential security breaches. Recent approaches nest the protection monitor within processes for efficient memory isolation at the cost of security. However, these systems lack solutions for efficient multithreaded safety and neglect kernel semantics that can be abused to bypass the monitor. The Endokernel is an intra-process security monitor that isolates memory at subprocess granularity. It ensures backwards-compatible and secure emulation of system interfaces, a task uniquely challenging due to the need to analyze OS and hardware semantics beyond mere interface usability. We introduce an inside-out methodology where we identify core OS primitives that allow bypass and map that back to the interfaces that depend on them. This approach led to the identification of several missing policies as well as aided in developing a fine-grained locking approach to deal with complex thread safety when inserting a monitor between the OS and the application. Results indicate that we can achieve fast isolation while greatly enhancing security and maintaining backwards-compatibility, and also showing a new method for systematically finding gaps in policies. 

Modern applications combine multiple components into single processes, leading to complex tradeoffs between isolation, performance, and programmability.We present the Endoprocess, a unique, microkernel-based approach for protection within process spaces. An endoprocess safely multiplexes process resources by exporting a low-level abstraction, the subprocess, that is transparently overlaid on existing process interfaces (like mmap, mprotect, etc), and provides extensibility and programmability through custom application-layer modules. We report experimental results of an initial prototype and highlight several application domains. Overall, the endoprocess presents a path for protection within processes while remaining compatible with existing OS abstractions and multiplexing them in a secure and extensible way. 

We present the object-encapsulation model, a lowlevel program representation and analysis framework that exposes and quantifies privilege within a program. Successfully compartmentalizing an application today requires significant expertise, but is an attractive goal as it reduces connectability of attack vectors in exploit chains. The object-encapsulation model enables understanding how a program can best be compartmentalized without requiring deep knowledge of program internals. We translate a program to a new representation, the Program Capability Graph (PCG), mapping each operation to the code and data objects it may access. We aggregate PCG elements into encapsulated-object groups. The resulting encapsulated-objects PCG enables measuring program interconnectedness and encapsulated-object privileges in order to explore and compare compartmentalization strategies. Our deep dive of parsers reveals they are well encapsulated, requiring access to an average of 545=4902 callable interfaces and 1201=29198 external objects. This means the parsers we evaluate can be easily compartmentalized, applying the encapsulated-objects PCG and our analysis to facilitate automatic or manual trust boundary placement. Overall, the object-encapsulation model provides an essential element to language-level analysis of least-privilege in complex systems to aid codebase understanding and refactoring. Index Terms—program analysis, least privilege, object models 

Abstract A unique noncontact single cell manipulation technique based on the actuation of magnetic nanorods (MNRs) or clusters (MCs) by nonuniform alternating magnetic fields (nuAMFs) is demonstrated. Compared to the actuation of MNRs/MCs by conventional magnetophoresis, the motion of MNRs/MCs actuated by nuAMFs can be tuned by additional parameters including the shape of MNRs/MCs and the frequency of the applied magnetic fields. The manipulation of a single cell by an actuated MNR/MC are divided into five stages, i.e., approaching, pushing, carrying, dragging, and releasing. The interactions between the MNR/MC and the cell in these stages are investigated in detail both experimentally and numerically. Other applications of cell manipulation, such as concentrating cells at target locations and accumulating MNRs/MCs onto a single cell, are also demonstrated. The single cell manipulation system is simple, low‐cost, and low‐power consumption, and helps advance the state‐of‐the‐art of single‐particle manipulation.