Department of Computer Science University of Virginia Flexible Code Safety for Win32

With the growth of the global Internet, users have begun to download and run programs for more different purposes and from more varied sources than ever before. These programs should not be allowed to cause harm to a user's system or data, either as a result of malicious code created by an adversary or buggy code that could cause accidentally. Users may have different ideas of what constitutes harm than the program's authors, so they need a flexible way to specify the capabilities and limitations of untrusted programs.

Naccio is a platform-independent architecture for defining safety policies that describe what a program cannot do. To enforce those policies, programs are transformed to integrate safety checking into their operation at runtime. This thesis presents the design of Naccio/Win32, which applies the Naccio architecture to enforce policies on executables running under Microsoft Windows. A prototype implementation provides a proof of concept, and results presented here provide a demonstration of the effectiveness and efficiency of Naccio/Win32's mechanisms.

Naccio/Win32 provides a greater degree of flexibility than any previous code safety system. Safety policies can be written and enforced with no in-depth knowledge of the system, and are specified as general constraints on program actions, rather than being targeted reactions known attacks. New policies can easily be deployed to adapt to changing security needs or system vulnerabilities. The enforcement of policies through transformation is optimized to minimize the overhead introduced, so that users will not suffer a noticeable loss of performance.

Thesis Supervisor: John Guttag
Title: Professor of Computer Science and Engineering

Co-Supervisor: David Evans

PDF, postscript
(91 pages)

Naccio Home Page
Andrew Twyman
University of Virginia, Computer Science