Shill: A secure shell scripting language

Scott Moore; Christos Dimoulas; Dan King; Stephen Chong

Shill: A secure shell scripting language

Scott Moore, Christos Dimoulas, Dan King, Stephen Chong

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Scopus citations

Abstract

The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components. We propose SHILL, a secure shell scripting language. SHILL scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. SHILL contracts are declarative security policies that act as documentation for consumers of SHILL scripts, and are enforced through a combination of language design and sandboxing. We have implemented a prototype of SHILL for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that SHILL is a practical and useful system security tool, and can provide fine-grained security guarantees.

Original language	English (US)
Title of host publication	Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014
Publisher	USENIX Association
Pages	183-199
Number of pages	17
ISBN (Electronic)	9781931971164
State	Published - Jan 1 2014
Event	11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014 - Broomfield, United States Duration: Oct 6 2014 → Oct 8 2014

Publication series

Name	Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014

Conference

Conference	11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014
Country/Territory	United States
City	Broomfield
Period	10/6/14 → 10/8/14

Funding

We thank Dan Bradley for his contributions to an early version of this work, and Jennifer Kirk for her help with statistical analysis. We are grateful to Leif Andersen, Vincent St-Amour, and Matthias Felleisen for their help profiling SHILL code. We thank Eddie Kohler, the Programming Languages Group at Harvard, and the reviewers for their helpful comments. Many thanks to Frans Kaashoek for his thoughtful shepherding. This research is supported by the Air Force Research Laboratory.

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications
Hardware and Architecture

Cite this

@inproceedings{debc16ea75be4050a1f1d24f26bb93e5,

title = "Shill: A secure shell scripting language",

abstract = "The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components. We propose SHILL, a secure shell scripting language. SHILL scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. SHILL contracts are declarative security policies that act as documentation for consumers of SHILL scripts, and are enforced through a combination of language design and sandboxing. We have implemented a prototype of SHILL for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that SHILL is a practical and useful system security tool, and can provide fine-grained security guarantees.",

author = "Scott Moore and Christos Dimoulas and Dan King and Stephen Chong",

note = "Publisher Copyright: {\textcopyright} 2014 by The USENIX Association. All Rights Reserved.; 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014 ; Conference date: 06-10-2014 Through 08-10-2014",

year = "2014",

month = jan,

day = "1",

language = "English (US)",

series = "Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014",

publisher = "USENIX Association",

pages = "183--199",

booktitle = "Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014",

}

Moore, S, Dimoulas, C, King, D & Chong, S 2014, Shill: A secure shell scripting language. in Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014. Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014, USENIX Association, pp. 183-199, 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014, Broomfield, United States, 10/6/14.

Shill: A secure shell scripting language. / Moore, Scott; Dimoulas, Christos; King, Dan et al.
Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014. USENIX Association, 2014. p. 183-199 (Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Shill

T2 - 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014

AU - Moore, Scott

AU - Dimoulas, Christos

AU - King, Dan

AU - Chong, Stephen

PY - 2014/1/1

Y1 - 2014/1/1

N2 - The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components. We propose SHILL, a secure shell scripting language. SHILL scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. SHILL contracts are declarative security policies that act as documentation for consumers of SHILL scripts, and are enforced through a combination of language design and sandboxing. We have implemented a prototype of SHILL for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that SHILL is a practical and useful system security tool, and can provide fine-grained security guarantees.

AB - The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components. We propose SHILL, a secure shell scripting language. SHILL scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. SHILL contracts are declarative security policies that act as documentation for consumers of SHILL scripts, and are enforced through a combination of language design and sandboxing. We have implemented a prototype of SHILL for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that SHILL is a practical and useful system security tool, and can provide fine-grained security guarantees.

UR - http://www.scopus.com/inward/record.url?scp=85012280948&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85012280948&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85012280948

T3 - Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014

SP - 183

EP - 199

BT - Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014

PB - USENIX Association

Y2 - 6 October 2014 through 8 October 2014

ER -

Shill: A secure shell scripting language

Abstract

Publication series

Conference

Funding

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this