| |
HODOR: Shrinking Attack Surface on Node.js via System Call Limitation
Speaker (s):
WANG Jingyi
Assistant Professor,
Zhejiang University
|
|
Date:
Time:
Venue:
|
|
18 August 2023, Friday
10:00am – 11:00am
Seminar Room 5.2, Level 5
School of Economics/School of Computing
and Information Systems 2 (SOE/SCIS2),
Singapore Management University,
90 Stamford Road,
Singapore 178903
Please register by 17 August 2023.
We look forward to seeing you at this research seminar.
|
|
About the Talk
Node.js applications are becoming more and more widely adopted in the server side, partly due to the convenience of building these applications on top of the runtime provided by popular Node.js engines and the large number of third-party packages provided by the Node Package Management (npm) registry. Node.js provides Node.js applications with system interaction capabilities using system calls. However, such convenience comes with a price, i.e., the attack surface of JavaScript arbitrary code execution (ACE) vulnerabilities is expanded to the system call level. There lies a noticeable gap between existing protection techniques in the JavaScript code level (either by code debloating or read-write-execute permission restriction) and a targeted defense for emerging critical system call level exploitation. To fill the gap, we design and implement HODOR, a lightweight runtime protection system based on enforcing precise system call restrictions when running a Node.js application. HODOR achieved this by addressing several nontrivial technical challenges. First, HODOR requires to construct high-quality call graphs for both the Node.js application (in JavaScript) and its underlying Node.js framework (in JavaScript and C/C++). Specifically, HODOR incorporates several important optimizations in both the JavaScript and C/C++ level to improve the state-of-the-art tools for building more precise call graphs. Then, HODOR creates the main-thread whitelist and the thread-pool whitelist respectively containing the identified necessary system calls based on the call graphs mappings. Finally, with the whitelists, HODOR implements lightweight system call restriction using the Linux kernel feature Secure Computing Mode (seccomp) to shrink the attack surface. We utilize HODOR to protect 168 real-world Node.js applications compromised by arbitrary code/command execution attacks. HODOR could reduce the attack surface to 19.42% on average with negligible runtime overhead (i.e., <3%). The work will appear at CCS 2023.
About the Speaker
Dr. Jingyi Wang is currently a Tenure-Track Assistant Professor (under 100 Young Talent Program) in Zhejiang University, China. Before that, he was a Research Fellow in National University of Singapore. He received his B.E./Ph.D. from Xi'an Jiaotong University/Singapore University of Technology and Design in 2013 and 2018 respectively. His research interests are in the junction of formal methods, software engineering, machine learning and system security, mostly concerning how to build more trustworthy systems or software, especially the emerging safety-critical artificial intelligence (AI) systems and cyber-physical systems (CPSs). He has published in top venues such as S&P, CCS, ICSE, ASE, ISSTA, FM and TACAS. He is the recipient of two ACM SIGSOFT Distinguished Paper Award (ICSE 2018/2020) and one ACM SIGSOFT Research Highlights (2020).
|
