Structuring protocol implementations to protect sensitive data.
Proceedings of the 19th USENIX Security Symposium: August 11–13, 2010, Washington, DC.
(pp. 47 - 62).
USENIX Association: Berkeley, US.
Download (234kB) | Preview
In a bid to limit the harm caused by ubiquitous remotely exploitable software vulnerabilities, the computer systems security community has proposed primitives to allow execution of application code with reduced privilege. In this paper, we identify and address the vital and largely unexamined problem of how to structure implementations of cryptographic protocols to protect sensitive data despite exploits. As evidence that this problem is poorly understood, we first identify two attacks that lead to disclosure of sensitive data in two published state-ofthe-art designs for exploit-resistant cryptographic protocol implementations: privilege-separated OpenSSH, and the HiStar/DStar DIFC-based SSL web server. We then describe how to structure protocol implementations on UNIX- and DIFC-based systems to defend against these two attacks and protect sensitive information from disclosure. We demonstrate the practicality and generality of this approach by applying it to protect sensitive data in the implementations of both the server and client sides of OpenSSH and of the OpenSSL library.
|Title:||Structuring protocol implementations to protect sensitive data|
|Event:||19th USENIX Security Symposium|
|Open access status:||An open access version is available from UCL Discovery|
|Additional information:||Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes|
|UCL classification:||UCL > School of BEAMS > Faculty of Engineering Science > Computer Science|
Archive Staff Only