Abstract:
In this talk, I first gived an overview of software compartmentalization and present its general principles, as well as the challenges that researchers in this field still face today.
I focused in particular on the issue of securing inter-compartment boundaries, which has been overlooked by many recent compartmentalization studies.
In that context, I presented ConfFuzz [1, 2], a tool built by my team to measure the effect of neglecting securing compartment interfaces.
Our results show that failure to put proper interface security in place leads to the loss of most security guarantees in many compartmentalized schenarios.
[1] Lefeuvre, Hugo, Vlad-Andrei Bădoiu, Yi Chien, Felipe Huici, Nathan Dautenhahn, and Pierre Olivier. "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software." In Proceedings of 30th Network and Distributed System Security (NDSS'23). Internet Society, 2022.
[2] https://conffuzz.github.io/
