Thursday, October 21, 2004
Privilege separation partitions a single program into two protection domains: a privileged monitor and an unprivileged slave. The slave and monitor cooperate to behave as the original program. All trust and privileges are relegated to the monitor, which results in a smaller and more easily secured trust base. Previously the privilege separation process, i.e., partitioning one program into the monitor and slave, was done by hand, which is time-consuming and error-prone.
We have designed and developed the first automatic approach for privilege separation. We use static analysis and C-to-C translation to separate the original program into the monitor and slave. We also
In this talk I will describe our techniques and our implementation, called Privtrans. I will also discuss our results in automatically partitioning programs. This is joint work with Dawn Song. The paper has appeared in USENIX Security Symposium, August 2004. This talk is in partial fulfillment of the speaking requirement.
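An added illustration, not part of the abstract and not Privtrans output: a hand-written monitor/slave split of a password check, the kind of manual partitioning the abstract describes. The function names, message structs, secret and the choice of a socketpair are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Constructed secret; a deployed monitor would load it after fork() from a root-only file. */
static const char SECRET[] = "constructed-secret";
struct req { char password[64]; };      /* slave -> monitor */
struct rep { int ok; };                 /* monitor -> slave: verdict only */
/* Monitor: the only code that touches SECRET; it revalidates every request. */
static void monitor_loop(int fd) {
    struct req q;
    while (read(fd, &q, sizeof q) == (ssize_t)sizeof q) {
        q.password[sizeof q.password - 1] = '\0';  /* slave input is untrusted */
        struct rep r = { strcmp(q.password, SECRET) == 0 };
        if (write(fd, &r, sizeof r) != (ssize_t)sizeof r) break;
    }
}

/* Slave: handles untrusted input, asks the monitor. 0/1 = verdict, 2 = I/O error. */
static int slave_check(int fd, const char *attempt) {
    struct req q = {{0}}; struct rep r;
    strncpy(q.password, attempt, sizeof q.password - 1);
    if (write(fd, &q, sizeof q) != (ssize_t)sizeof q) return 2;
    if (read(fd, &r, sizeof r) != (ssize_t)sizeof r) return 2;
    return r.ok ? 1 : 0;
}

/* Forks the slave, drops it to uid/gid, serves it. Returns 1/0, or -1 on failure. */
int privsep_check(const char *attempt, uid_t uid, gid_t gid) {
    int sv[2], st;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                               /* child: the slave */
        close(sv[0]);
        if (setgid(gid) || setuid(uid)) _exit(2); /* a failed drop is fatal */
        _exit(slave_check(sv[1], attempt));
    }
    close(sv[1]);                                 /* parent: the monitor */
    monitor_loop(sv[0]);
    close(sv[0]);
    return (waitpid(pid, &st, 0) == pid && WIFEXITED(st) && WEXITSTATUS(st) <= 1) ? WEXITSTATUS(st) : -1;
}
int main(void) {  /* when started as root, pass a dedicated unprivileged uid/gid instead */
    printf("wrong=%d right=%d\n", privsep_check("guess", getuid(), getgid()),
           privsep_check(SECRET, getuid(), getgid()));
}
```

The slave only ever receives a one-integer verdict, so a memory-safety bug in its input handling exposes that interface rather than the monitor's privileges; a full drop would also clear supplementary groups and confine the slave's filesystem view.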