Authors: Daniele Mucci (1) and Bernhards Blumbergs (2)
Affiliations: (1) Centre for Digital Forensics and Cyber Security, Tallinn University of Technology, Estonia; (2) Centre for Digital Forensics and Cyber Security, Tallinn University of Technology, Estonia; CERT.LV, IMCS University of Latvia, Latvia
Keyword(s):
ELF Binary Analysis, GNU/Linux System Hardening, Vulnerability Assessment, Software Containers.
Related Ontology Subjects/Areas/Topics: Internet Technology; Intrusion Detection and Response; Web Information Systems and Technologies
Abstract:
Attacks against binaries, including novel hardware-based attacks (e.g., Meltdown), are still very common, with hundreds of vulnerabilities discovered every year. This paper presents TED, an auditing tool which acts from the defense perspective and verifies whether proper defenses are in place for the GNU/Linux system and for each ELF binary in it. Unlike other proposed solutions, TED aims to integrate several tools and techniques through the use of software containers; this choice created the need to compare and analyze the most popular container platforms to determine the most suitable one for this use case. The containerization approach makes it possible to reduce complexity and gain flexibility and extensibility at the cost of a negligible performance loss, while significantly reducing the dependencies needed. Performance and functionality tests, both in lab and real-world environments, showed the feasibility of a container-based approach and the usefulness of TED in several use cases.
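To make concrete what "verifying whether proper defenses are in place for each ELF binary" involves, the following is an added example, not code from the paper or from TED: it parses the ELF64 header and program headers of a binary and reports three standard hardening properties (a non-executable stack via `PT_GNU_STACK`, position independence via `ET_DYN` plus a `PT_INTERP` entry, and RELRO via `PT_GNU_RELRO`). The two sample binaries are constructed in-line from headers only, so the script runs offline; the function and variable names are this example's own, and stack-canary detection (which needs the symbol table) is deliberately out of scope here.

```python
"""Check ELF64 hardening features by parsing headers (added example, constructed samples)."""
import struct
import sys

# Constants from the ELF specification and the GNU program-header extensions
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<4sBBBBB7xHHIQQQIHHHHHH"  # 64-byte ELF64 header, little-endian
PHDR_FMT = "<IIQQQQQQ"                # 56-byte ELF64 program header


def check_hardening(data: bytes) -> dict:
    """Return {"nx", "pie", "relro"} booleans for an ELF64 little-endian image."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    f = struct.unpack(EHDR_FMT, data[:64])
    if f[1] != ELFCLASS64 or f[2] != ELFDATA2LSB:
        raise ValueError("this example handles ELF64 little-endian only")
    e_type, e_phoff, e_phentsize, e_phnum = f[6], f[10], f[14], f[15]

    # Map program-header type -> p_flags for the entries we care about
    seen = {}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            raise ValueError("truncated program header table")
        p = struct.unpack(PHDR_FMT, data[off:off + 56])
        seen[p[0]] = p[1]

    return {
        # A missing PT_GNU_STACK is treated as executable (the conservative reading)
        "nx": PT_GNU_STACK in seen and not (seen[PT_GNU_STACK] & PF_X),
        # ET_DYN alone also matches shared libraries; PT_INTERP marks a PIE executable
        "pie": e_type == ET_DYN and PT_INTERP in seen,
        "relro": PT_GNU_RELRO in seen,
    }


def missing_defenses(data: bytes) -> list:
    """Names of the checked defenses that the binary lacks, in a fixed order."""
    result = check_hardening(data)
    return [name for name in ("nx", "pie", "relro") if not result[name]]


# --- constructed sample images (headers only, no code or sections) ---
def _phdr(p_type: int, p_flags: int) -> tuple:
    return (p_type, p_flags, 0, 0, 0, 0, 0, 0x10)


def build_elf(e_type: int, phdrs: list) -> bytes:
    """Assemble a minimal ELF64 image: header followed directly by program headers."""
    table = b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs)
    ehdr = struct.pack(EHDR_FMT, ELF_MAGIC, ELFCLASS64, ELFDATA2LSB, 1, 0, 0,
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + table


HARDENED_SAMPLE = build_elf(ET_DYN, [
    _phdr(PT_INTERP, PF_R),
    _phdr(PT_DYNAMIC, PF_R | PF_W),
    _phdr(PT_GNU_STACK, PF_R | PF_W),   # stack not executable
    _phdr(PT_GNU_RELRO, PF_R),
])
WEAK_SAMPLE = build_elf(ET_EXEC, [
    _phdr(PT_GNU_STACK, PF_R | PF_W | PF_X),  # executable stack, no PIE, no RELRO
])

if __name__ == "__main__":
    # Usage: python check_elf.py /path/to/binary   (defaults to the constructed samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], check_hardening(fh.read()))
    else:
        print("hardened sample:", check_hardening(HARDENED_SAMPLE))
        print("weak sample:    ", check_hardening(WEAK_SAMPLE))
```

The checks read only the program-header table, which is what the loader itself consults, so they do not depend on section headers that a stripped or deliberately mangled binary may lack; a full audit in the spirit of TED would add symbol-based checks (stack protector, fortified libc calls) and the system-level settings the abstract mentions.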