12 Nov 2013
Program Languages and Program Analysis for Security

Marco Pistoia
Ulfar Erlingsson




Introduction
Secure Language Design
Access Control
Web Application Security
Secure Information Flow
Trusted Declassification
Secure Development
Conclusion

Software Security

Security is usually an afterthought of development
When security problems arise, they can be very difficult to find and fix
The research community has created new languages and static and dynamic analysis tools
Been looking for solutions to automatically detect

ACM SIGPLAN

A yearly workshop on Programming Languages and Analysis for Security (PLAS)
Introduced in 2006
This paper is a 3-year retrospective of PLAS


Secure Language Design

Research

Designing languages with security features
Code-based and subject-based authentication and authorization, information flow, and support for cryptography
Add missing security features to existing languages



JIF

Java Information Flow (JIF) is a language that requires variables to be labeled with information-flow security policies.
The compiler flags the points where information leaks may occur



Access Control

Mobile

An extension of the .NET Common Intermediate Language which supports Inlined Reference Monitors (IRMs)
If a Mobile application is well typed, then it is guaranteed not to violate the security policy when run
An IRM expressed in Mobile can be certified by a simple type-checker
Eliminates the need to trust the code producer

Mobile with .NET

No change is required to existing .NET virtual machine implementations when executing Mobile programs
Mobile consists of normal managed CIL code stored in .NET attributes
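The IRM idea on these two slides, as an added example that is not part of the deck and not Mobile or .NET code: the policy is a security automaton, and `inline` rewrites every security-relevant operation of an application so that the automaton is stepped before the operation runs. The policy ("no network send after a file has been read"), the operation names and the stand-in I/O functions are all constructed.

```python
# Added example: an inlined reference monitor (IRM) modelled in Python.
# The policy is a security automaton; a missing transition means "reject".
# Names (SecurityAutomaton, inline, run_monitored) are hypothetical.
from typing import Callable, Dict, List, Optional, Tuple

class PolicyViolation(Exception):
    pass

class SecurityAutomaton:
    """Current state plus the allowed (state, event) -> next-state transitions."""
    def __init__(self, start: str, transitions: Dict[Tuple[str, str], str]):
        self.state = start
        self.transitions = transitions

    def step(self, event: str) -> None:
        nxt = self.transitions.get((self.state, event))
        if nxt is None:
            raise PolicyViolation(f"'{event}' not allowed in state '{self.state}'")
        self.state = nxt

# Constructed policy: once a file has been read, no network send may follow.
NO_SEND_AFTER_READ = {
    ("clean", "read_file"):   "tainted",
    ("clean", "send"):        "clean",
    ("tainted", "read_file"): "tainted",
    # no ("tainted", "send") entry: that event is refused
}

def inline(ops: Dict[str, Callable], automaton: SecurityAutomaton) -> Dict[str, Callable]:
    """Return the application's operations with the monitor check inlined before each."""
    def guard(name: str, fn: Callable) -> Callable:
        def monitored(*args, **kwargs):
            automaton.step(name)          # the inlined check
            return fn(*args, **kwargs)
        return monitored
    return {name: guard(name, fn) for name, fn in ops.items()}

# Constructed stand-ins for the untrusted application's I/O operations.
RAW_OPS: Dict[str, Callable] = {
    "read_file": lambda path: f"read:{path}",
    "send":      lambda host: f"sent:{host}",
}

def run_monitored(program: List[Tuple[str, str]]) -> Tuple[List[str], Optional[str]]:
    """Run a program (sequence of (operation, argument)) under the IRM.
    Returns the operations that completed and the violation message, if any."""
    ops = inline(RAW_OPS, SecurityAutomaton("clean", NO_SEND_AFTER_READ))
    log: List[str] = []
    try:
        for op, arg in program:
            log.append(ops[op](arg))
    except PolicyViolation as e:
        return log, str(e)
    return log, None

# Constructed sample programs.
ALLOWED = [("send", "example.org"), ("read_file", "/etc/hostname")]
REFUSED = [("read_file", "/etc/hostname"), ("send", "example.org")]

if __name__ == "__main__":
    print(run_monitored(ALLOWED))
    print(run_monitored(REFUSED))
```

The rewriting depends only on the policy, not on the application, which is what lets a separate checker verify that the inlined checks are present and cannot be bypassed by the surrounding code.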


Web Application Security

Integrity and Confidentiality

Common attacks
Structured Query Language injection (SQLi)
Cross-site Scripting (XSS)
Other problems with the advent of Web 2.0
Ajax, continuous network activity
Web apps need to sanitize all input data from untrusted users
Verify that the information they release is not private, or has been properly declassified


Eliminate Vulnerabilities

Script injection vulnerabilities in applications
Requires only minor browser modifications
Extension of the same-origin policy for JavaScript
No changes to the development process in most cases
Slight framework modification for apps built on top of a framework

Encryption Mechanism

Encrypt data before sending it to untrusted sites
Manage encryption keys using keystores on the Web without user intervention


Automated Solutions

Manual code reviews are time consuming and expensive
Use static source-code analysis
Precise alias analysis
Targeted at the unique reference semantics commonly found in scripting languages
The quality and quantity of the generated vulnerability reports are enhanced via a novel algorithm
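Why alias analysis matters for scripting languages, as an added example that is not from the deck or from any particular tool: a taint analysis over a tiny PHP-like intermediate form whose one unusual feature is reference assignment (`$x =& $y`). The same analysis runs twice, once treating `=&` as an ordinary copy and once giving aliased variables a shared memory cell; the alias-unaware run both misses a real injection and raises a false alarm. The statement forms and the two sample programs are constructed.

```python
# Added example: taint tracking with and without alias awareness.
# Statement forms (constructed):
#   ("source", x) | ("assign", x, y) | ("ref", x, y) | ("sanitize", x) | ("sink", x)
from typing import Dict, List, Set, Tuple

Stmt = Tuple[str, ...]

def tainted_sinks(program: List[Stmt], alias_aware: bool) -> List[int]:
    """Return the indices of sink statements that can receive tainted data."""
    cell_of: Dict[str, int] = {}   # variable -> memory cell id
    tainted: Set[int] = set()      # cell ids currently holding tainted data
    counter = [0]

    def cell(v: str) -> int:
        if v not in cell_of:
            cell_of[v] = counter[0]
            counter[0] += 1
        return cell_of[v]

    reports: List[int] = []
    for i, st in enumerate(program):
        op = st[0]
        if op == "source":                                   # untrusted input, e.g. $_GET
            tainted.add(cell(st[1]))
        elif op == "assign" or (op == "ref" and not alias_aware):
            x, y = st[1], st[2]                              # copy y's taint state into x
            if cell(y) in tainted:
                tainted.add(cell(x))
            else:
                tainted.discard(cell(x))
        elif op == "ref":                                    # x and y now share one cell
            cell_of[st[1]] = cell(st[2])
        elif op == "sanitize":                               # e.g. htmlspecialchars()
            tainted.discard(cell(st[1]))
        elif op == "sink":                                   # e.g. echo, a query API
            if cell(st[1]) in tainted:
                reports.append(i)
    return reports

# Constructed program 1: taint arrives through the alias after the reference is made.
#   $b =& $a;  $a = $_GET['q'];  echo $b;
MISSED_WITHOUT_ALIASES: List[Stmt] = [
    ("ref", "b", "a"), ("source", "a"), ("sink", "b"),
]
# Constructed program 2: sanitizing through the alias cleans the shared value.
#   $a = $_GET['q'];  $b =& $a;  $b = htmlspecialchars($b);  echo $a;
FALSE_ALARM_WITHOUT_ALIASES: List[Stmt] = [
    ("source", "a"), ("ref", "b", "a"), ("sanitize", "b"), ("sink", "a"),
]

if __name__ == "__main__":
    for name, prog in [("program 1", MISSED_WITHOUT_ALIASES),
                       ("program 2", FALSE_ALARM_WITHOUT_ALIASES)]:
        print(name, "naive:", tainted_sinks(prog, False),
              "alias-aware:", tainted_sinks(prog, True))
```

The shared-cell model is the simplest form of the idea; a real analysis must also handle references created inside functions, array elements and globals, which is where the precision of the alias analysis decides how many of the generated reports are worth a reviewer's time.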



Secure Information Flow

Type Systems

Mechanism for efficiently checking that information flows within a program are secure
Conservative, often rejecting safe programs
Users then have to decide whether a rejected program is actually insecure
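The JIF slide and this one describe the same mechanism, so one added example serves both; it is not from the deck and not JIF code. Variables carry labels from a two-point lattice, each assignment is checked against the label of its right-hand side joined with the label of the enclosing branch condition (the "pc"), and the checker rejects both an explicit leak and an implicit one. The last sample program shows the conservatism the slide mentions: both branches assign the same constant, so nothing leaks, but the checker still refuses it. Statement classes and sample programs are constructed.

```python
# Added example: a miniature label-based information-flow type checker.
# Names (Assign, If, check, is_secure) are hypothetical.
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

LOW, HIGH = 0, 1          # security lattice: LOW <= HIGH

def join(a: int, b: int) -> int:
    return max(a, b)

@dataclass
class Assign:
    target: str
    uses: List[str]       # variables read on the right-hand side
    text: str = ""        # human-readable form, for messages only

@dataclass
class If:
    cond_uses: List[str]  # variables read by the condition
    then: list
    els: list

Stmt = Union[Assign, If]

class FlowError(Exception):
    pass

def expr_label(uses: List[str], env: Dict[str, int]) -> int:
    lbl = LOW
    for v in uses:
        lbl = join(lbl, env[v])
    return lbl

def check(stmts: List[Stmt], env: Dict[str, int], pc: int = LOW) -> None:
    """Raise FlowError at the first assignment that could move HIGH data into a LOW variable."""
    for s in stmts:
        if isinstance(s, Assign):
            src = join(expr_label(s.uses, env), pc)   # pc captures implicit flows
            if src > env[s.target]:
                raise FlowError(f"{s.text or s.target}: label {src} flows to label {env[s.target]}")
        else:
            pc2 = join(pc, expr_label(s.cond_uses, env))
            check(s.then, env, pc2)
            check(s.els, env, pc2)

def leak_report(stmts: List[Stmt], env: Dict[str, int]) -> Optional[str]:
    """None if the program type-checks, otherwise the checker's message."""
    try:
        check(stmts, env)
        return None
    except FlowError as e:
        return str(e)

def is_secure(stmts: List[Stmt], env: Dict[str, int]) -> bool:
    return leak_report(stmts, env) is None

# Constructed label environment and programs.
ENV = {"secret": HIGH, "pub": LOW, "tmp": HIGH}
EXPLICIT = [Assign("pub", ["secret"], "pub = secret")]
IMPLICIT = [If(["secret"], [Assign("pub", [], "pub = 1")], [Assign("pub", [], "pub = 0")])]
CONSERVATIVE = [If(["secret"], [Assign("pub", [], "pub = 1")], [Assign("pub", [], "pub = 1")])]
SAFE = [Assign("tmp", ["secret"], "tmp = secret + 1"), Assign("pub", ["pub"], "pub = pub + 1")]

if __name__ == "__main__":
    for name, prog in [("explicit", EXPLICIT), ("implicit", IMPLICIT),
                       ("conservative", CONSERVATIVE), ("safe", SAFE)]:
        print(name, "->", leak_report(prog, ENV) or "accepted")
```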


Remedy

Method for automatically finding witnesses of insecure information flow
Reports the exact input states that lead to leakage of secret information
Combination of type-based analysis and model checking
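The model-checking half of that remedy, as an added example that is not from the deck: a program is a function of a high (secret) and a low (public) input that returns a low-observable output, and a leak witness is a low input together with two high inputs that make the output differ, that is, a concrete counterexample to noninterference. On the small constructed domains here the search is exhaustive, so the first program yields the exact input state that leaks, while the second, which a type system would reject, yields none. Function names and the two programs are constructed.

```python
# Added example: finding a noninterference counterexample by enumeration.
from typing import Callable, Iterable, Optional, Tuple

Program = Callable[[int, int], int]   # prog(high, low) -> low-observable output

def find_leak_witness(prog: Program, highs: Iterable[int],
                      lows: Iterable[int]) -> Optional[Tuple[int, int, int]]:
    """Return (low, high1, high2) with prog(high1, low) != prog(high2, low), or None.
    Enumerates all pairs of runs sharing a low input (a self-composition check)."""
    highs = list(highs)
    for low in lows:
        seen = {}                              # output -> first high input producing it
        for high in highs:
            out = prog(high, low)
            for other_out, other_high in seen.items():
                if other_out != out:
                    return (low, other_high, high)
            seen.setdefault(out, high)
    return None

def leaks_on_magic_value(high: int, low: int) -> int:
    # Constructed program: the secret is visible only for one input state.
    return low + (1 if high == 7 else 0)

def branch_same_constant(high: int, low: int) -> int:
    # Constructed program: a conservative type system rejects it (the branch is
    # guarded by `high`), yet every run produces the same output, so no witness exists.
    if high > 0:
        out = 1
    else:
        out = 1
    return out

DOMAIN = range(10)

if __name__ == "__main__":
    print("magic value:", find_leak_witness(leaks_on_magic_value, DOMAIN, DOMAIN))
    print("same constant:", find_leak_witness(branch_same_constant, DOMAIN, DOMAIN))
```

In the combined approach the type-based analysis first narrows attention to the outputs that may depend on secrets; the search above is then run only for those, which is what keeps the model-checking step tractable on real programs.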

Fixing Existing Programs

Adding a sound information-flow security policy to an existing program is a difficult task
Requires major code inspection
Program analysis
Structural changes to the code

Refactoring Programs

Refactor programs into distinct components of high and low security
Aids in the production of programs with sound information-flow policies
Programs without information-flow
A program slicer is used to identify code that depends on high-security inputs
Controlled information releases can occur at explicit declassification points
Results in a program with explicit interfaces between components of different security levels
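The slicing step on this slide, as an added example that is not from the deck: a forward data-dependence slice from the high inputs of a straight-line program collects the statements that belong in the high component, every other statement goes to the low component, and marked declassification points are the only places where high data crosses into the low side. The statement representation and the password-check program are constructed.

```python
# Added example: forward slicing a straight-line program into high and low
# components with explicit declassification points as the interfaces.
from dataclasses import dataclass, field
from typing import Dict, List, Set

@dataclass
class Stmt:
    line: int
    defs: Set[str] = field(default_factory=set)
    uses: Set[str] = field(default_factory=set)
    high_input: bool = False   # reads a secret source
    declassify: bool = False   # explicit declassification point

def split_by_security_level(prog: List[Stmt]) -> Dict[str, List[int]]:
    """Forward slice from high inputs. One pass is enough for straight-line
    code; loops would need iteration to a fixpoint."""
    high_vars: Set[str] = set()     # variables currently holding high data
    high_lines: Set[int] = set()
    interfaces: List[int] = []
    for s in prog:
        reads_high = s.high_input or bool(s.uses & high_vars)
        if reads_high and s.declassify:
            interfaces.append(s.line)   # high data leaves through an explicit point
            high_vars -= s.defs         # its result is low from here on
        elif reads_high:
            high_lines.add(s.line)
            high_vars |= s.defs
        else:
            high_vars -= s.defs         # redefined from low data only
    return {
        "high": sorted(high_lines),
        "low": sorted(s.line for s in prog if s.line not in high_lines),
        "interfaces": interfaces,
    }

# Constructed program:
#   1  pw = read_secret()
#   2  guess = read_request()
#   3  ok = (pw == guess)
#   4  result = declassify(ok)
#   5  log(guess)
#   6  respond(result)
PASSWORD_CHECK = [
    Stmt(1, defs={"pw"}, high_input=True),
    Stmt(2, defs={"guess"}),
    Stmt(3, defs={"ok"}, uses={"pw", "guess"}),
    Stmt(4, defs={"result"}, uses={"ok"}, declassify=True),
    Stmt(5, uses={"guess"}),
    Stmt(6, uses={"result"}),
]

if __name__ == "__main__":
    print(split_by_security_level(PASSWORD_CHECK))
```

Lines 1 and 3 form the high component, line 4 is the single interface, and the remaining lines can be compiled and reviewed as ordinary low code; without the declassification mark on line 4, line 6 would be pulled into the high slice as well.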


Efficient Algorithm

Algorithms can be developed for information-flow analysis expressed using a type system
The algorithm checks whether the program is well typed, i.e. that no information from higher security classes flows into places of lower security classes, according to a lattice of security classes
The analysis is expressed as a set of Datalog-like rules based on the typing and subtyping rules
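What "expressed as Datalog-like rules" looks like, as an added example that is not the deck's or the paper's code: a naive bottom-up fixpoint evaluator, the lattice order and program flows derived as rules, and a violation rule that uses stratified negation. It goes slightly beyond the slide by using a four-element (diamond) lattice rather than two levels. The lattice, the variable labels and the flow facts are constructed.

```python
# Added example: information-flow checking as Datalog-style rules over facts.
from typing import Callable, Dict, List, Set, Tuple

Relation = Set[Tuple[str, ...]]
Rule = Tuple[str, Callable[[Dict[str, Relation]], Relation]]   # (head, body)

def fixpoint(db: Dict[str, Relation], rules: List[Rule]) -> None:
    """Naive evaluation: apply every rule until no rule derives a new tuple."""
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            new = body(db) - db[head]
            if new:
                db[head] |= new
                changed = True

# Stratum 1: closure of the lattice order and of program flows.
#   leq(X,X)   :- class(X).
#   leq(X,Z)   :- leq(X,Y), leq(Y,Z).
#   reach(X,Y) :- flow(X,Y).
#   reach(X,Z) :- reach(X,Y), flow(Y,Z).
STRATUM1: List[Rule] = [
    ("leq",   lambda db: {(c, c) for (c,) in db["class"]}),
    ("leq",   lambda db: {(x, z) for (x, y) in db["leq"] for (y2, z) in db["leq"] if y == y2}),
    ("reach", lambda db: set(db["flow"])),
    ("reach", lambda db: {(x, z) for (x, y) in db["reach"] for (y2, z) in db["flow"] if y == y2}),
]
# Stratum 2 (negation, so it runs only after stratum 1 is complete):
#   violation(X,Y) :- reach(X,Y), label(X,LX), label(Y,LY), not leq(LX,LY).
STRATUM2: List[Rule] = [
    ("violation", lambda db: {
        (x, y)
        for (x, y) in db["reach"]
        for (x2, lx) in db["label"] if x2 == x
        for (y2, ly) in db["label"] if y2 == y
        if (lx, ly) not in db["leq"]}),
]

def check_flows(classes, order, labels: Dict[str, str], flows) -> Set[Tuple[str, str]]:
    """Return the (source, destination) variable pairs whose flow violates the lattice."""
    db: Dict[str, Relation] = {
        "class": {(c,) for c in classes},
        "leq": set(order),
        "label": set(labels.items()),
        "flow": set(flows),
        "reach": set(),
        "violation": set(),
    }
    fixpoint(db, STRATUM1)
    fixpoint(db, STRATUM2)
    return db["violation"]

# Constructed diamond lattice: low < hr < high and low < finance < high.
CLASSES = ["low", "hr", "finance", "high"]
ORDER = [("low", "hr"), ("low", "finance"), ("hr", "high"), ("finance", "high")]
# Constructed program facts: a label per variable and the direct flows (assignments).
LABELS = {"salary": "hr", "budget": "finance", "tmp": "finance",
          "report": "high", "webpage": "low"}
FLOWS = [("salary", "report"), ("budget", "tmp"), ("tmp", "webpage"), ("budget", "report")]

if __name__ == "__main__":
    print(sorted(check_flows(CLASSES, ORDER, LABELS, FLOWS)))
```

The transitive `reach` rule is what turns a per-assignment subtyping check into a whole-program one: `budget` never flows to `webpage` directly, but the closure through `tmp` is reported.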


Trusted Declassification

Downgrading

The process of verifying and endorsing previously suspect information and declassifying originally confidential information
Must be done with care

Trusted Declassification

Let the declassifying functions be set by the security administrator as part of the global policy
Declassification policies are a key part of language-based information security
Different approaches address different aspects
What, who, when, and where
All of these must be combined to avoid information laundering
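How an administrator-set global policy combines these aspects, as an added example that is not from the deck: the policy names which trusted functions may release data (where), what provenance the released value must have (what) and which principals may invoke them (who); a release fails if any one of the three does not match, which is what stops a caller from laundering an unrelated secret through a legitimate declassifier. All names and sample values are constructed, and "when" conditions are left out.

```python
# Added example: a global declassification policy checked on every release.
# Names (Labeled, Declassifier, GlobalPolicy) are hypothetical.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple, Union

@dataclass(frozen=True)
class Labeled:
    value: object
    label: str      # "secret" or "public"
    origin: str     # name of the function that produced the value ("what")

@dataclass(frozen=True)
class Declassifier:
    name: str                    # trusted function; the only place a release may happen ("where")
    accepts_origin: str          # provenance the released value must carry ("what")
    principals: FrozenSet[str]   # who may invoke it ("who")

class GlobalPolicy:
    def __init__(self, declassifiers: Iterable[Declassifier]):
        self.by_name: Dict[str, Declassifier] = {d.name: d for d in declassifiers}

    def release(self, v: Labeled, via: str, principal: str) -> Tuple[bool, Union[Labeled, str]]:
        """Return (True, public value) when the release is allowed, else (False, reason)."""
        d = self.by_name.get(via)
        if d is None:
            return False, f"{via} is not a declassifier in the global policy"
        if principal not in d.principals:
            return False, f"{principal} may not invoke {via}"
        if v.label == "public":
            return True, v                          # nothing to downgrade
        if v.origin != d.accepts_origin:
            return False, f"{via} may only release values produced by {d.accepts_origin}"
        return True, Labeled(v.value, "public", via)

# Constructed policy: the outcome of a password comparison may be released to
# the authentication service; the raw secret may never be released.
POLICY = GlobalPolicy([
    Declassifier("release_check_result", accepts_origin="compare_password",
                 principals=frozenset({"auth-service"})),
])

# Constructed labeled values.
PASSWORD = Labeled("correct horse battery", "secret", origin="load_secret")
CHECK_RESULT = Labeled(True, "secret", origin="compare_password")

def demo() -> Dict[str, Tuple[bool, Union[Labeled, str]]]:
    return {
        "legit":       POLICY.release(CHECK_RESULT, "release_check_result", "auth-service"),
        "wrong_who":   POLICY.release(CHECK_RESULT, "release_check_result", "web-frontend"),
        "laundering":  POLICY.release(PASSWORD, "release_check_result", "auth-service"),
        "wrong_where": POLICY.release(CHECK_RESULT, "log_debug", "auth-service"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

Because the origin check is tied to the declassifier rather than to the caller, a compromised caller that holds the raw secret still cannot push it through `release_check_result`; that is the laundering case the slide warns about.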



Secure Development

Secure Code Development

To guarantee security throughout a software product's lifecycle
It is essential to write secure code
A set of principles
A subset is implemented in an IDE for Jif (built on Eclipse)


Conclusion

The ACM SIGPLAN workshop on Programming Languages and Analysis for Security (PLAS)
Has provided important work on privacy, security and programming languages
Has made progress in securing the entire software lifecycle
Development and deployment
Legacy and new code