Security company Qualys has recently disclosed vulnerabilities in Linux’s Systemd, the default service manager daemon for many Linux distributions. They effectively enable a non-privileged user to obtain root privileges, so an attacker leveraging them would be able to access any sensitive workloads on the host. This follows another disclosure, from about 7 months ago, related to a different Systemd vulnerability. The disclosures were assigned CVE-2018-15688, CVE-2018-15687 and CVE-2018-15686. Rather than discussing the specifics of these vulnerabilities, we want to talk here about the more general problem with relying solely on the OS to secure your sensitive applications.
The underlying problem is the lack of isolation between an application and privileged accounts or the operating system. While the root account needs to be able to configure the host, there is no reason for it to be able to peek into one’s application data. To that end, we advise running your applications inside secure enclaves while also sealing the persistent state of the application. Secure enclaves, such as Intel SGX, can guarantee that the application’s memory and persistent state are accessible only to the application, and not even an administrator would be able to access them.
Anjuna provides an easy way to run an entire application inside a secure enclave without the need to rearchitect it. This approach essentially decouples the application’s security from the security of the host on which the application is executed, and tightens the security perimeter around the application itself, instead of leaving a larger security perimeter that is hard to address.
If you are interested in learning more about how Anjuna can help protect against similar kinds of threats, you are welcome to reach out to us through our website.
- New Linux Systemd security holes uncovered: https://www-zdnet-com.cdn.ampproject.org/v/s/www.zdnet.com/google-amp/article/new-linux-systemd-security-holes-uncovered/?amp_js_v=0.1