Self-Adaptive and Self-Organizing Systems Workshops, IEEE International Conference on (2012)
Lyon, France
Sept. 10, 2012 to Sept. 14, 2012
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SASOW.2012.14
Application compartmentalisation decomposes software into sandboxed components in order to mitigate security vulnerabilities, and has proven effective in limiting the impact of compromise. However, experience has shown that adapting existing C-language software is difficult, often leading to problems with correctness, performance, complexity, and most critically, security. Security-Oriented Analysis of Application Programs (SOAAP) is an in-progress research project into new semi-automated techniques to support compartmentalisation. SOAAP employs a variety of static and dynamic approaches, driven by source code annotations termed compartmentalisation hypotheses, to help programmers evaluate strategies for compartmentalising existing software.
object capabilities, privilege separation, sandbox, compartmentalisation, program analysis, capability system
K. Gudka, R. N. Watson, S. Hand, B. Laurie and A. Madhavapeddy, "Exploring Compartmentalisation Hypotheses with SOAAP," 2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems Workshops (SASOW 2012), Lyon, 2012, pp. 23-30.