The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along with it, says Google researcher Úlfar Erlingsson. Practical security of computer users has, therefore, worsened, even as a plethora of computer security mechanisms have been introduced time and time again.
Erlingsson proposes a new data-driven software security model to improve user and system security.
“When deciding whether software should be permitted to perform a security-relevant action, it seems like a good idea to consider the historical evidence of what actions that software has performed in the past,” he noted.
“For popular, widely-used software, there are literally billions of executions from which to draw such historical evidence, thereby allowing a very accurate view of what constitutes ‘normal’ software execution to be established.”
He posits that this “historical” information, properly summarized and used along with the software, could support this new security model, which says: “Permit only executions that historical evidence shows to be common enough, unless given explicit, special permission.”
“This model could, by default, prevent many software attacks, such as privilege-escalation exploits of the vulnerabilities regularly discovered in esoteric operating system services,” says Erlingsson. “Most recently, this model’s enforcement would have blocked exploits of the CVE-2016-0728 vulnerability by prohibiting use of the Linux keyctl system call in commonly-used applications, since historical evidence would have shown that this software never used keyctl or kernel keyrings.”
This approach could either used by itself or combined with existing security models.
Erlingsson is aware that there may be obstacles to implementing it, and that it hinges on the efficient monitoring of how software is behaving, and that monitoring this behavior should be executed without intruding on users’ privacy.
But, these things can be achieved, he believes, and machine learning methods can help discover users’ expectations for intended software behavior, and thereby help set security policy.
In his paper, he also details examples of how Google has already managed to successfully perform and/or implement all three of these steps.