GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement
Carmine Cesarano, Martin Monperrus, Roberto Natella

TL;DR
GoLeash is a system that enhances security in the Go language ecosystem by enforcing package-level policies to detect and prevent supply chain attacks more effectively than traditional methods.
Contribution
It introduces a novel runtime policy enforcement system that applies least privilege principles at the package level in Go, improving detection of malicious packages.
Findings
Detects malicious packages more precisely than process- or container-level sandboxing.
Remains effective under code obfuscation.
Has acceptable runtime overhead.
Abstract
Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively used in critical cloud infrastructures. We present GoLeash, a novel system that applies the principle of least privilege at the package-level granularity, by enforcing distinct security policies for each package in the supply chain. This finer granularity enables GoLeash to detect malicious packages more precisely than traditional sandboxing that handles security policies at process- or container-level. Moreover, GoLeash remains effective under obfuscation, can overcome the limitations of static analysis, and incurs acceptable runtime overhead.
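To make the granularity argument concrete, here is an added Go sketch (not GoLeash's code, and not its actual policy format or enforcement mechanism) contrasting a process-wide allow-list with a per-package one; the policy schema, the capability names, and the import paths "example.com/app" and "example.com/app/logfmt" are constructed for the illustration. A dependency that suddenly needs the network passes the process-level check because the application itself legitimately dials out, but fails the package-level check because its own policy never granted that capability.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrDenied = errors.New("capability denied by policy")

// Policy maps a Go package import path to the capabilities it may use (constructed schema).
type Policy map[string]map[string]bool

// pkgFromFunc turns a runtime function name such as "a.com/x/y.(*T).M" into its import path "a.com/x/y".
func pkgFromFunc(fn string) string {
	slash := strings.LastIndex(fn, "/")
	dot := strings.Index(fn[slash+1:], ".")
	if dot < 0 {
		return fn
	}
	return fn[:slash+1+dot]
}

// CheckPackageLevel grants a capability only to a package whose own policy lists it.
func CheckPackageLevel(p Policy, pkg, capability string) error {
	if p[pkg][capability] {
		return nil
	}
	return fmt.Errorf("%w: package %s requested %s", ErrDenied, pkg, capability)
}

// CheckProcessLevel models a process-wide sandbox: the capability passes if any package needs it.
func CheckProcessLevel(p Policy, capability string) error {
	for _, caps := range p {
		if caps[capability] {
			return nil
		}
	}
	return ErrDenied
}

var DemoPolicy = Policy{ // constructed: the app needs net and file access, its logging dependency needs nothing
	"example.com/app":        {"net:dial": true, "file:write": true},
	"example.com/app/logfmt": {},
}

func main() {
	fmt.Println("process-level:", CheckProcessLevel(DemoPolicy, "net:dial"))
	fmt.Println("package-level:", CheckPackageLevel(DemoPolicy, "example.com/app/logfmt", "net:dial"))
}
```

pkgFromFunc shows how a runtime function name (as returned by runtime.FuncForPC) can be reduced to the import path that keys such a policy; attributing a sensitive call to a package in a real enforcer is of course more involved than this sketch.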
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Security and Verification in Computing
