Trent Jaeger, Systems and Internet Security Laboratory, Pennsylvania State University
Abstract
The process of name resolution, where names are resolved into resource references, is fundamental to computer science, but its use has resulted in several classes of vulnerabilities. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: the adversary changes namespace bindings in the system to redirect victim programs to a resource of the adversary’s choosing. Researchers have also found that these attacks are very difficult to prevent systematically: any successful defense must have both knowledge about the system namespace and the program intent to eradicate such attacks. As a result, we propose the STING test engine, which finds name resolution vulnerabilities in programs by performing a dynamic analysis of name resolution processing to produce directed test cases whenever an attack may be possible. STING has been designed to track all name resolutions performed by the kernel, test both binary and interpreted programs, and find vulnerabilities without affecting the system’s normal execution significantly. Using STING, we found 21 previously-unknown vulnerabilities in a variety of Linux programs on Ubuntu and Fedora systems, demonstrating that comprehensive testing for name resolution vulnerabilities is practical.
Biography
Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at the Pennsylvania State University and director of the Systems and Internet Infrastructure Security Laboratory. He received his Ph.D. from the University of Michigan in 1997 where he studied mechanisms and policies for controlling the execution of mobile code. Prior to joining Penn State, Trent was a research staff member in the Security and Networking Department at IBM Research in the T. J. Watson Research Center.
Trent’s research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 90 refereed research papers on these subjects. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. Trent is the author of the book “Operating Systems Security,” which examines the principles and designs of secure operating systems. He is active in the security research community, having been a member of the program committees of all the major security conferences, and the program chair of the ACM CCS Government and Industry Track, ACM SACMAT, as well as chairing several workshops. He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC.