html5-img
1 / 27

Program Languages and Program Analysis for Security

Program Languages and Program Analysis for Security. Marco Pistoia Ulfar Erlingsson. Introduction Secure Language Design Access Control Web Application Security Secure Information Flow Trusted Declassification Secure Development Conclusion. Software Security.

bess
Télécharger la présentation

Program Languages and Program Analysis for Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Program Languages and Program Analysis for Security Marco Pistoia Ulfar Erlingsson

  2. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  3. Software Security • Usually an afterthought of development • When security problems arise it can be very difficult to find and fix them • Research community has created new languages and static and dynamic analysis tools • Been looking for solutions to automatically detect

  4. ACM SIGPLAN • A yearly workshop on Programming Languages and Analysis for Security (PLAS) • Introduced in 2006 • This paper is a 3 year retrospective of PLAS

  5. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  6. Research • Designing languages with security features • Code-based and subject-based authentication and authorization, information flow, and support for cryptography • Add missing security features to existing languages

  7. JIF • Java Information Flow (JIF) is a language that requires variables to be labeled with information-flow security policies. • Compiler flags when possible information leaks may occur

  8. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  9. Mobile • An extension of the .NET Common Intermediate Language which supports Inlined Reference Monitors (IRMs) • If a mobile application is well typed then it is guaranteed to not violate security policy when run • An IRM expressed in Mobile can be certified by a simple type-checker • Eliminates the need to trust the producer

  10. Mobile with .NET • No change is required to existing .NET virtual machine implementations when executing Mobile programs • Mobile consist of normal managed CIL code stored in .NET attributes

  11. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  12. Integrity and Confidentiality • Common attacks • Structured Query Language injection (SQLi) • Cross-site Scripting (XSS) • Other problems with advent of Web 2.0 • Ajax, continuous network activity • Web apps need to sanitize all input data from untrusted users • Verify info it releases is not private and properly declassified

  13. Eliminate Vulnerabilities • Script injection vulnerabilities in applications • Requires only minor browser modifications • Extension of same-origin policy for JavaScript • No changes to the development process in most cases • Slight framework modification for apps built on top of a framework

  14. Encryption Mechanism • Encrypt data before sending to untrusted sites • Manage encryption keys using keystores on the Web without user intervention

  15. Automated Solutions • Manual code reviews are time consuming and expensive • Use Static source-code analysis • Precise alias analysis • Targeted at the unique reference semantics commonly found in scripting languages • Quality and quantity of the generated vulnerability reports is enhanced via a novel algorithm

  16. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  17. Type Systems • Mechanism for efficiently checking that information flows within a program are secure • Conservative, often rejecting safe programs • Users have to decide

  18. Remedy • Method for automatically finding witnesses of insecure information flow • Reports exact input states that lead to leakage of secret information • Combination of type-based analysis and model checking

  19. Fixing Existing Program • Adding sound information-flow security policy to an existing program is a difficult task • Requires major code inspection • Program analysis • Structural changes of code

  20. Refactoring Programs • Refactor Programs Into distinct components of high and low security • Aids in the production of programs with sound information-flow policies • Programs without information-flow • Program slicer is used to identify code that depends on high security inputs • Controlled information releases can occur at explicit declassification points • Results in a program with explicit interfaces between components of different security levels

  21. Efficient Algorithm • Algorithms can be developed for information-flow analysis expressed using a type system • The algorithm can check whether the program is well typed, and there is no information of higher security classes flowing into places of lower security classes according to a lattice of security classes • Analysis is expresses as a set of Datalog like rules based on the typing and subtyping rules

  22. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  23. Downgrading • Process of verifying and endorsing previously suspect information and declassifying originally confidential information • Must be done with care

  24. Trusted Declassification • Let declassified functions be set by the security admin as part of the global policy • Declassification policies are a key part of language based information security • Different approaches address different aspects • What, who, when, and where • Must combine all these to avoid information laundering

  25. Introduction • Secure Language Design • Access Control • Web Application Security • Secure Information Flow • Trusted Declassification • Secure Development • Conclusion

  26. Secure Code Development • To guarantee security for a software’s lifecycle • Essential to write secure code • Set of principles • Subset implemented in IDE for Jif, (built on Eclipse)

  27. Conclusion • ACM SIGPLAN workshop on Programming Languages and Analysis for Security (PLAS) • Provided important work on privacy, security and programming languages • Has made progress in securing the entire software lifecycle • Development and deployment • Legacy and new code

More Related