andrea bittaumark handley petr marchenkobrad karp computer science department ucl fine-grained...
DESCRIPTION
Motivation & Problem Definition Apache Web Server network parser private key memory protectionTRANSCRIPT
ANDREA BITTAU MARK HANDLEY PETR MARCHENKO BRAD KARP
COMPUTER SCIENCE DEPARTMENTUCL
Fine-Grained Isolation for the Apache Web Server
Motivation & Problem Definition
Apache Web Server
networkparserprivate
key
Motivation & Problem Definition
Apache Web Server
networkparserprivate
key
memory protection
memory protection
Is partitioning easy?
Apache Web Server
networkparserprivate
key
memory protection
memory protection
Apache worker process requires access to222 heap and 389 global objects
Problem Statement
Given a function, what memory does it access?
Given memory items, which functions access them?
Given a function that “generates” sensitive data, where does it propagate?
Crowbar, our binary instrumentation tool, answers these questions
SSL-enabled Apache Web Server
Apache Web Server
network
private key workergen_session_key
(~200 LoC)
memory protection
memory protection