SPLASH 2020
Sun 15 - Sat 21 November 2020 Online Conference
Wed 18 Nov 2020 12:00 - 12:20 at SPLASH-I - W-3 Chair(s): Eelco Visser, Dan Barowy
Thu 19 Nov 2020 00:00 - 00:20 at SPLASH-I - W-3 Chair(s): Yuting Wang, Alex Potanin

System call whitelisting is a powerful sandboxing approach that can significantly reduce the capabilities of an attacker if an application is compromised. Given a \emph{policy} that specifies which system calls can be invoked with what arguments, a sandboxing framework terminates any execution that violates the policy.
While this mechanism greatly reduces the attack surface of a system, manually constructing these policies is time-consuming and error-prone. As a result, many applications —including those that take untrusted user input— opt not to use a system call sandbox.

Motivated by this problem, we propose a technique for automatically constructing system call whitelisting policies for a given application and policy DSL. Our method combines static code analysis and program synthesis to construct \emph{sound and precise policies} that never erroneously terminate the application, while restricting the program's system call usage as much as possible.
We have implemented our approach in a tool called \textsc{Abhaya}\xspace and experimentally evaluate it 493 Linux and OpenBSD applications by automatically synthesizing {Seccomp-bpf}\xspace and \text{Pledge}\xspace policies. Our experimental results indicate that \textsc{Abhaya}\xspace can efficiently generate useful and precise sandboxes for real-world applications.

Wed 18 Nov
Times are displayed in time zone: Central Time (US & Canada) change

11:00 - 12:20: W-3OOPSLA at SPLASH-I +12h
Chair(s): Eelco VisserDelft University of Technology, Dan BarowyWilliams College
11:00 - 11:20
Talk
OOPSLA
Sarah SpallIndiana University, Neil MitchellFacebook, Sam Tobin-HochstadtIndiana University
Link to publication DOI Media Attached
11:20 - 11:40
Talk
OOPSLA
Vsevolod LivinskiiUniversity of Utah, Dmitry BabokinIntel Corporation, John RegehrUniversity of Utah
Link to publication DOI Media Attached
11:40 - 12:00
Talk
OOPSLA
Gabriel PoesiaStanford University, Fernando Magno Quintão PereiraFederal University of Minas Gerais
Link to publication DOI Pre-print Media Attached
12:00 - 12:20
Talk
OOPSLA
Shankara PailoorUniversity of Texas at Austin, Xinyu WangUniversity of Michigan, Hovav ShachamUniversity of Texas at Austin, Isil DilligUniversity of Texas at Austin
Link to publication DOI Media Attached
23:00 - 00:20: W-3OOPSLA at SPLASH-I
Chair(s): Yuting WangShanghai Jiao Tong University, Alex PotaninVictoria University of Wellington
23:00 - 23:20
Talk
OOPSLA
Sarah SpallIndiana University, Neil MitchellFacebook, Sam Tobin-HochstadtIndiana University
Link to publication DOI Media Attached
23:20 - 23:40
Talk
OOPSLA
Vsevolod LivinskiiUniversity of Utah, Dmitry BabokinIntel Corporation, John RegehrUniversity of Utah
Link to publication DOI Media Attached
23:40 - 00:00
Talk
OOPSLA
Gabriel PoesiaStanford University, Fernando Magno Quintão PereiraFederal University of Minas Gerais
Link to publication DOI Pre-print Media Attached
00:00 - 00:20
Talk
OOPSLA
Shankara PailoorUniversity of Texas at Austin, Xinyu WangUniversity of Michigan, Hovav ShachamUniversity of Texas at Austin, Isil DilligUniversity of Texas at Austin
Link to publication DOI Media Attached