μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts
Welcome. Please find information related to our project on automated analysis on large software artifacts.
Link to the Paper
├── README.md This document.
├── analysis μSCOPE analysis code
├── compartment-explorer Linux kernel compartment explorer.
├── css
├── index.html μSCOPE landing page
├── object-explorer Linux kernel object explorer.
├── run.sh Script to run uscope analysis.
├── uscope_raid21.pdf Full paper for μSCOPE
μSCOPE's compartment-generation and analysis code can be found in the analysis directory.
To get started, follow the μSCOPE analysis tutorial.
By prioritizing simplicity and portability, least-privilege engineering has been an afterthought in OS design, resulting in monolithic kernels where any exploit leads to total compromise. μSCOPE (“microscope”) addresses this problem by automatically identifying opportunities for least-privilege separation. μSCOPE replaces expert-driven, semi-automated analysis with a general methodology for exploring a continuum of security vs. performance design points by adopting a quantitative and systematic approach to privilege analysis. In the paper, we detail how we applied the μSCOPE methodology to the Linux kernel, allowing us to accomplish the following:
The instrumentation of the entire Linux kernel, granting comprehensive, fine-grained memory access and call activity.
The mapping of fine-grained memory accesses and calls to semantic information.
The reporting of a separability analysis on the kernel, using both quantitative privilege and overhead metrics.
We discover opportunities for orders-of-magnitude privilege reduction while predicting relatively low overheads: at 15% mediation overhead, overprivilege in Linux can be reduced by up to 99.8%. This suggests fine-grained privilege separation is feasible and lays the groundwork for accelerating real privilege separation.
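As an added illustration (not code from the μSCOPE repository or the paper), the script below models the quantitative privilege-vs-overhead comparison described above on a small constructed trace. It counts privilege as (target, operation) capabilities granted per compartment and approximates mediation overhead as the share of dynamic events that cross a compartment boundary; the trace, the object-owner map and both metric definitions are simplifying assumptions, not the paper's exact ones.

```python
from collections import defaultdict

# Constructed sample trace, not real μSCOPE data: (accessing function, target,
# operation, dynamic count). "call" targets are functions; "r"/"w" targets are
# named objects. Function names carry their file path for directory grouping.
TRACE = [
    ("fs/ext4/inode.c:ext4_readpage", "fs/ext4/inode.c:ext4_mpage_readpages", "call", 800),
    ("fs/ext4/inode.c:ext4_mpage_readpages", "page", "r", 5000),
    ("fs/ext4/inode.c:ext4_mpage_readpages", "bio", "w", 1200),
    ("fs/ext4/inode.c:ext4_mpage_readpages", "block/bio.c:submit_bio", "call", 1200),
    ("block/bio.c:submit_bio", "bio", "r", 1200),
    ("block/bio.c:submit_bio", "request_queue", "w", 1200),
    ("net/core/skbuff.c:alloc_skb", "sk_buff", "w", 3000),
    ("net/core/skbuff.c:alloc_skb", "mm/slub.c:kmalloc", "call", 3000),
    ("mm/slub.c:kmalloc", "kmem_cache", "w", 4200),
]
# Constructed owner map: the source file whose code allocates each object.
OBJECT_OWNER = {"page": "mm/page_alloc.c", "bio": "block/bio.c",
                "request_queue": "block/blk-core.c",
                "sk_buff": "net/core/skbuff.c", "kmem_cache": "mm/slub.c"}

def compartment(name, depth):
    """First `depth` path components of the source file (0 = monolithic)."""
    return "/".join(name.split(":")[0].split("/")[:depth])

def analyze(trace, depth):
    """Return (overprivilege reduction, mediation fraction) at one granularity.
    A capability is a (target, op) pair a function is allowed to use."""
    funcs = {f for f, _, _, _ in trace} | {t for _, t, op, _ in trace if op == "call"}
    monolithic = len(funcs) * len({(t, op) for _, t, op, _ in trace})
    members, caps = defaultdict(set), defaultdict(set)
    for f in funcs:
        members[compartment(f, depth)].add(f)
    for f, t, op, _ in trace:
        caps[compartment(f, depth)].add((t, op))
    granted = sum(len(members[c]) * len(caps[c]) for c in members)
    # Mediation proxy: share of dynamic events that cross a compartment boundary
    # (accessor's compartment differs from the target's owning compartment).
    total = crossing = 0
    for f, t, op, n in trace:
        owner = t if op == "call" else OBJECT_OWNER[t]
        total += n
        crossing += n if compartment(f, depth) != compartment(owner, depth) else 0
    return 1 - granted / monolithic, crossing / total

if __name__ == "__main__":
    for depth in (0, 1, 2):  # coarser to finer: the security-vs-overhead continuum
        reduction, mediation = analyze(TRACE, depth)
        print(f"depth={depth}: overprivilege -{reduction:.1%}, mediated events {mediation:.1%}")
```

Finer directory depth keeps the same functions grouped here but splits object owners, so mediation rises while privilege stays flat, which is the kind of design point the separability analysis surfaces.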
We collected a significant amount of data and present several ways to explore compartmentalizations.
μSCOPE Linux Object Explorer: shows the access trace for a selected set of objects, with links to code.
μSCOPE Linux Compartment Explorer: shows compartmentalization results from µSCOPE algorithms.
μSCOPE Visualizations: profiling visualizations to understand what's happening in Linux.
μSCOPE Directory-Based Communication Heatmap: heatmap showing interactions between directory-based compartments in Linux.
Who's using the most privilege in Linux?: sunburst showing components with highest access degree.
Who's allocating the most data in Linux?: flame graphs showing who's allocating the most in Linux.
The raw data collected for μSCOPE can be downloaded here: RAID2021.tar.gz.
Warning: the tar file is 2.7GB and unpacks into about 16GB of data.
This data is collected from 8 CPU-months of Linux kernel workload traces on the Memorizer kernel.
@inproceedings{Roessler:USCOPE:2021,
title = {{{$\mu$SCOPE}}: {{A Methodology}} for {{Analyzing Least}}-{{Privilege Compartmentalization}} in {{Large Software Artifacts}}},
booktitle = {24th {{International Symposium}} on {{Research}} in {{Attacks}}, {{Intrusions}} and {{Defenses}} ({{RAID}} '21)},
author = {Roessler, Nick and Atayde, Lucas and Palmer, Imani and McKee, Derrick and Pandey, Jai and Kemerlis, Vasileios P. and Payer, Mathias and Bates, Adam and DeHon, Andr{\'e} and Smith, Jonathan M. and Dautenhahn, Nathan},
year = {2021},
pages = {16},
publisher = {{ACM}}
}