A Rose by Any Other Name or an Insane Root? Adventures in Namespace Resolution
Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolution process. Adversaries can trick programs into accessing unintended resources by changing the binding between names and resources and by using names whose target resources are ambiguous. In this paper, the authors explore whether a unified system approach may be found to prevent many name resolution attacks.