News
- We gave a talk on software compartmentalization and ConfFuzz at the Inria Software Systems Security seminar.
- We presented some of our ongoing follow-up work on Oct 23rd at KISV, co-located with SOSP.
- We will present our paper at NDSS’23 on Tuesday, Feb 28th in San Diego (Software Security I).
- ConfFuzz will be presented at FOSDEM as part of the Confidential Computing track.
- Our ConfFuzz paper was accepted to appear at NDSS 2023.
Software compartmentalization decomposes applications into lesser-privileged components that only have access to what they need to do their job. Properly applied, compartmentalization can limit the impact of many memory safety issues by containing corruption within the vulnerable component. Use-cases are plentiful: library sandboxing, protection of SSL keys, sandboxing of network-facing code, and more.
In the last decade we have seen the appearance of many new mechanisms that enable compartmentalization at a relatively low performance cost (Intel PKU, the upcoming Intel PKS, CHERI hardware capabilities, vmfunc). This generated a lot of research with a strong focus on compartmentalizing existing software, at a fine grain (isolating libraries or components), and as automatically as possible. The promises are great: the compartmentalization of legacy software, with a low engineering effort, and at a low performance cost.
Alas, in this process, the interfaces between compartments are often neglected: they are hard to reason about and difficult to secure automatically, and compartmentalizing at ever finer granularity exacerbates the issue. This is a major problem, as weak interfaces enable a wide range of attacks.
In this work, we study the impact of neglecting compartment interfaces. We define and classify Compartment Interface Vulnerabilities (CIVs), and present ConfFuzz, a fuzzer specialized to catch them. We applied it to 25 popular applications and 36 possible compartment APIs, revealing 629 interface vulnerabilities. From these results, we present insights into what makes interfaces vulnerable, and how to make them more resilient when compartmentalizing.
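To make the interface problem concrete, here is an added example (not code from ConfFuzz or the paper) of a trusted compartment whose API accepts a destination pointer from a sandboxed caller, first unchecked and then validated. The arena layout, the function names and the fill pattern are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one address space, split into a window shared with the
 * sandboxed caller and memory private to the trusted compartment. */
#define SHARED_SIZE  64u
#define PRIVATE_SIZE 64u
static uint8_t arena[SHARED_SIZE + PRIVATE_SIZE];
static uint8_t *const private_key = arena + SHARED_SIZE;

static void reset(void) {
    memset(arena, 0, SHARED_SIZE);
    memset(private_key, 0x42, PRIVATE_SIZE);
}

static int key_intact(void) {
    for (size_t i = 0; i < PRIVATE_SIZE; i++)
        if (private_key[i] != 0x42) return 0;
    return 1;
}

/* Overflow-safe check that [p, p+len) lies entirely in the shared window. */
static int in_shared(const void *p, size_t len) {
    uintptr_t base = (uintptr_t)arena, addr = (uintptr_t)p;
    if (addr < base || addr - base > SHARED_SIZE) return 0;
    return len <= SHARED_SIZE - (addr - base);
}

/* Weak interface: the trusted side writes wherever the caller points. */
static int api_fill_unchecked(uint8_t *dst, size_t len) {
    memset(dst, 0xAA, len);
    return 0;
}

/* Hardened interface: caller-supplied pointer and length are validated first. */
static int api_fill_checked(uint8_t *dst, size_t len) {
    if (!in_shared(dst, len)) return -1;
    memset(dst, 0xAA, len);
    return 0;
}

int main(void) {
    reset();
    api_fill_unchecked(private_key, 8);       /* pointer into private memory */
    printf("unchecked: key intact = %d\n", key_intact());
    reset();
    int rc = api_fill_checked(private_key, 8);
    printf("checked: rc = %d, key intact = %d\n", rc, key_intact());
    return 0;
}
```

The isolation mechanism would stop the sandboxed caller from writing to the private region itself; the unchecked API performs that write on the caller's behalf, which is why the check has to sit at the interface.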
Getting Started
Our main README provides a step-by-step guide to get started with our prototype.
The data set of our NDSS’23 paper is publicly available under the CC BY license.
Publications
- Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software.
H. Lefeuvre, V-A. Bădoiu, B. Chien, F. Huici, N. Dautenhahn, P. Olivier.
to appear in NDSS’23 [ArXiv] [Data-Set] [Zenodo] [Video]
Other Presentations
- A Study of Fine-Grain Compartment Interface Vulnerabilities: What, Why, and What We Should Do About Them.
will be presented by H. Lefeuvre at FOSDEM’23 [Video]
- Software Compartmentalization and the Challenge of Interfaces.
P. Olivier, Inria Software Systems Security Seminar, 2023 [Video]
Contact
Hugo Lefeuvre, The University of Manchester: hugo.lefeuvre at manchester.ac.uk
ConfFuzz is an open-source project resulting from a collaboration between the University of Manchester, Politehnica University of Bucharest, Rice University, and Unikraft.io.
ConfFuzz is partly funded by a studentship from NEC Labs Europe, a Microsoft Research PhD Fellowship, the UK’s EPSRC grants EP/V012134/1 (UniFaaS), EP/V000225/1 (SCorCH), the EPSRC/Innovate UK grant EP/X015610/1 (FlexCap), the EU H2020 grant agreements 871793 (ACCORDION) and 758815 (CORNET), and the NSF CNS #2008867, #2146537, and ONR N00014-22-1-2057 grants.