Program Languages and Program Analysis for Security - PowerPoint PPT Presentation

Presentation Transcript

  1. Program Languages and Program Analysis for Security
  Marco Pistoia, Úlfar Erlingsson

  2. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  3. Software Security
  • Security is usually an afterthought of development
  • When security problems arise, they can be very difficult to find and fix
  • The research community has created new languages and static and dynamic analysis tools
  • Been looking for solutions to automatically detect

  4. ACM SIGPLAN
  • A yearly workshop on Programming Languages and Analysis for Security (PLAS)
  • Introduced in 2006
  • This paper is a three-year retrospective of PLAS

  5. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  6. Research
  • Designing languages with security features
  • Code-based and subject-based authentication and authorization, information flow, and support for cryptography
  • Add missing security features to existing languages

  7. JIF
  • Java Information Flow (JIF) is a language that requires variables to be labeled with information-flow security policies
  • The compiler flags places where information leaks may occur

  8. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  9. Mobile
  • An extension of the .NET Common Intermediate Language which supports Inlined Reference Monitors (IRMs)
  • If a Mobile application is well typed, then it is guaranteed not to violate the security policy when run
  • An IRM expressed in Mobile can be certified by a simple type-checker
  • Eliminates the need to trust the producer
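To make the IRM idea on this slide concrete, here is an added illustration that is not code from the paper or from Mobile: a small security automaton for a constructed policy ("no network send after a file read") is inlined into an untrusted program so that a policy check runs before every security-relevant operation. The operations, the policy and the program are all assumed for the example; the type-based certification that Mobile adds on top of the rewriting is not shown.

```python
class PolicyViolation(Exception):
    """Raised when the inlined monitor rejects an operation."""


# Security automaton for the constructed policy "no network send after a
# file read". A missing transition means the automaton rejects that step.
TRANSITIONS = {
    ("clean", "read"): "tainted",
    ("clean", "send"): "clean",
    ("tainted", "read"): "tainted",
    # ("tainted", "send") is deliberately absent: sending after reading is denied.
}

# Effects of the simulated security-relevant operations (constructed stand-ins).
ACTIONS = {
    "read": lambda path: f"read {path}",
    "send": lambda host: f"sent to {host}",
}


class ReferenceMonitor:
    """Tracks the automaton state; check() advances it or rejects the operation."""

    def __init__(self):
        self.state = "clean"

    def check(self, op):
        nxt = TRANSITIONS.get((self.state, op))
        if nxt is None:
            raise PolicyViolation(f"{op} not allowed in state {self.state}")
        self.state = nxt


def inline_monitor(program):
    """Rewrite a program (a list of (op, arg) steps) so that a monitor check
    executes before every security-relevant operation. The monitor state
    lives inside the rewritten program, not in the VM or the OS."""
    monitor = ReferenceMonitor()

    def guard(op, arg):
        monitor.check(op)          # inlined policy check
        return ACTIONS[op](arg)    # the original operation

    return [lambda op=op, arg=arg: guard(op, arg) for op, arg in program]


def execute(rewritten):
    """Run the rewritten program; stop at the first policy violation."""
    log = []
    try:
        for step in rewritten:
            log.append(step())
    except PolicyViolation as err:
        log.append(f"blocked: {err}")
    return log


if __name__ == "__main__":
    print(execute(inline_monitor([("read", "/tmp/notes"), ("send", "host.example")])))
```

The point of inlining is that the policy is enforced without changing the runtime: a verifier only has to confirm that every `ACTIONS` call in the rewritten program is preceded by a `monitor.check`, which is the property a type system like Mobile's certifies statically.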

  10. Mobile with .NET
  • No change is required to existing .NET virtual machine implementations when executing Mobile programs
  • Mobile consists of normal managed CIL code stored in .NET attributes

  11. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  12. Integrity and Confidentiality
  • Common attacks
  • Structured Query Language injection (SQLi)
  • Cross-site Scripting (XSS)
  • Other problems with the advent of Web 2.0
  • Ajax, continuous network activity
  • Web apps need to sanitize all input data from untrusted users
  • Verify that the information they release is not private and is properly declassified

  13. Eliminate Vulnerabilities
  • Script injection vulnerabilities in applications
  • Requires only minor browser modifications
  • Extension of the same-origin policy for JavaScript
  • No changes to the development process in most cases
  • Slight framework modification for apps built on top of a framework

  14. Encryption Mechanism
  • Encrypt data before sending it to untrusted sites
  • Manage encryption keys using keystores on the Web without user intervention

  15. Automated Solutions
  • Manual code reviews are time consuming and expensive
  • Use static source-code analysis
  • Precise alias analysis
  • Targeted at the unique reference semantics commonly found in scripting languages
  • Quality and quantity of the generated vulnerability reports are enhanced via a novel algorithm

  16. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  17. Type Systems
  • Mechanism for efficiently checking that information flows within a program are secure
  • Conservative, often rejecting safe programs
  • Users have to decide

  18. Remedy
  • Method for automatically finding witnesses of insecure information flow
  • Reports the exact input states that lead to leakage of secret information
  • Combination of type-based analysis and model checking
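Slides 7, 17 and 18 together describe one pipeline: a label-based type system (as in JIF) rejects programs with possible leaks, it is conservative, and a bounded model check can then look for a concrete witness. The added example below, written for this page and not taken from JIF or the paper, implements that pipeline for a constructed two-label language: `type_check` flags assignments whose incoming label (including the control context `pc`, which is how implicit flows through branches are caught) is higher than the target's label, and `find_witness` enumerates low-equivalent input pairs over a small domain to report exact inputs that leak. The three sample programs are constructed too; `CONSERVATIVE` is rejected by the type system although it never leaks, which is the case slide 18 addresses.

```python
import itertools

# Two-point lattice: L (public) below H (secret). Data may flow up, never down.
LOW, HIGH = "L", "H"

def join(a, b):
    return HIGH if HIGH in (a, b) else LOW

def flows_to(src, dst):
    return src == LOW or dst == HIGH

# Expressions: ("const", n) | ("var", name) | ("op", "+"|"-"|"=="|">", e1, e2)
# Statements:  ("assign", name, expr) | ("if", cond, then_list, else_list)

def expr_label(expr, env):
    if expr[0] == "const":
        return LOW
    if expr[0] == "var":
        return env[expr[1]]
    return join(expr_label(expr[2], env), expr_label(expr[3], env))

def type_check(stmts, env, pc=LOW, violations=None):
    """Return the targets of assignments whose incoming label exceeds the
    target's own label. pc is the label of the enclosing control context,
    which is how the type system catches implicit flows through branches."""
    if violations is None:
        violations = []
    for stmt in stmts:
        if stmt[0] == "assign":
            _, name, expr = stmt
            if not flows_to(join(pc, expr_label(expr, env)), env[name]):
                violations.append(name)
        else:
            _, cond, then_branch, else_branch = stmt
            inner_pc = join(pc, expr_label(cond, env))
            type_check(then_branch, env, inner_pc, violations)
            type_check(else_branch, env, inner_pc, violations)
    return violations

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b,
       "==": lambda a, b: int(a == b), ">": lambda a, b: int(a > b)}

def eval_expr(expr, state):
    if expr[0] == "const":
        return expr[1]
    if expr[0] == "var":
        return state[expr[1]]
    return OPS[expr[1]](eval_expr(expr[2], state), eval_expr(expr[3], state))

def run(stmts, state):
    """Concrete interpreter used by the model check."""
    state = dict(state)
    for stmt in stmts:
        if stmt[0] == "assign":
            state[stmt[1]] = eval_expr(stmt[2], state)
        else:
            state = run(stmt[2] if eval_expr(stmt[1], state) else stmt[3], state)
    return state

def find_witness(stmts, env, domain=range(3)):
    """Bounded model check of noninterference: look for two initial states
    that agree on every L variable but end with different L values. Such a
    pair is a concrete witness of a leak; None means none exists in the domain."""
    names = sorted(env)
    low = [n for n in names if env[n] == LOW]
    states = [dict(zip(names, vals))
              for vals in itertools.product(domain, repeat=len(names))]
    for s1 in states:
        out1 = run(stmts, s1)
        for s2 in states:
            if any(s1[n] != s2[n] for n in low):
                continue                      # inputs are not low-equivalent
            out2 = run(stmts, s2)
            if any(out1[n] != out2[n] for n in low):
                return s1, s2
    return None

# Constructed programs over a secret h (H) and a public l (L).
ENV = {"h": HIGH, "l": LOW}
H_GT_1 = ("op", ">", ("var", "h"), ("const", 1))
LEAKY = [("if", H_GT_1, [("assign", "l", ("const", 1))],
                        [("assign", "l", ("const", 0))])]          # real implicit flow
CONSERVATIVE = [("if", H_GT_1, [("assign", "l", ("const", 1))],
                               [("assign", "l", ("const", 1))])]   # rejected, but never leaks
SAFE = [("assign", "l", ("op", "+", ("var", "l"), ("const", 1))),
        ("if", H_GT_1, [("assign", "h", ("op", "+", ("var", "h"), ("var", "l")))], [])]

if __name__ == "__main__":
    for name, prog in [("LEAKY", LEAKY), ("CONSERVATIVE", CONSERVATIVE), ("SAFE", SAFE)]:
        print(name, "type errors:", type_check(prog, ENV),
              "witness:", find_witness(prog, ENV))
```

The witness search is sound only within the enumerated domain, so a `None` result for a type-rejected program tells the user "no leak for inputs in 0..2", not "no leak"; that residual judgement is the "users have to decide" on slide 17, now backed by exact inputs when a leak does exist.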

  19. Fixing Existing Programs
  • Adding a sound information-flow security policy to an existing program is a difficult task
  • Requires major code inspection
  • Program analysis
  • Structural changes to the code

  20. Refactoring Programs
  • Refactor programs into distinct components of high and low security
  • Aids in the production of programs with sound information-flow policies
  • Programs without information-flow
  • A program slicer is used to identify code that depends on high-security inputs
  • Controlled information releases can occur at explicit declassification points
  • Results in a program with explicit interfaces between components of different security levels

  21. Efficient Algorithm
  • Algorithms can be developed for information-flow analysis expressed using a type system
  • The algorithm can check whether the program is well typed, and that no information of higher security classes flows into places of lower security classes according to a lattice of security classes
  • The analysis is expressed as a set of Datalog-like rules based on the typing and subtyping rules
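This slide describes the analysis as Datalog-like rules, so here is an added example of that formulation (written for this page, not the paper's own rules or implementation). Flow facts are extracted from a constructed program, three rules are evaluated bottom-up to a fixpoint, and `violation(X, Y)` facts report where a high-labelled source reaches a low-labelled sink. The statement representation, the two-label lattice and the sample program are assumptions of the example.

```python
import re

IDENT = re.compile(r"[A-Za-z_]\w*")

# Statements: ("assign", target, "expression text") | ("if", "condition text", body)
def extract_facts(stmts, pc_vars=()):
    """Produce flow(src, dst) facts. Explicit flows go from the variables read
    by an expression to the assigned variable; implicit flows go from the
    variables of every enclosing branch condition (pc_vars) to it."""
    facts = set()
    for stmt in stmts:
        if stmt[0] == "assign":
            _, dst, expr = stmt
            for src in set(IDENT.findall(expr)) | set(pc_vars):
                facts.add(("flow", src, dst))
        else:
            _, cond, body = stmt
            facts |= extract_facts(body, tuple(pc_vars) + tuple(IDENT.findall(cond)))
    return facts

def solve(flow_facts, labels):
    """Naive bottom-up evaluation of three rules, iterated to a fixpoint:
         reaches(X,Y)   :- flow(X,Y).
         reaches(X,Z)   :- reaches(X,Y), flow(Y,Z).
         violation(X,Y) :- reaches(X,Y), label(X,H), label(Y,L).
    labels plays the role of the label/2 relation."""
    db = set(flow_facts)
    while True:
        new = set()
        for (p, x, y) in db:
            if p == "flow":
                new.add(("reaches", x, y))
            if p == "reaches":
                for (q, y2, z) in db:
                    if q == "flow" and y2 == y:
                        new.add(("reaches", x, z))
                if labels.get(x) == "H" and labels.get(y) == "L":
                    new.add(("violation", x, y))
        if new <= db:          # no new facts: fixpoint reached
            return db
        db |= new

def violations(stmts, labels):
    """Sorted (source, sink) pairs where secret data reaches a public variable."""
    return sorted((x, y) for (p, x, y) in solve(extract_facts(stmts), labels)
                  if p == "violation")

# Constructed example: secret and tmp are H, n and out are L.
LABELS = {"secret": "H", "tmp": "H", "n": "L", "out": "L"}
PROG = [("assign", "tmp", "secret + n"),
        ("assign", "out", "n * 2"),
        ("if", "tmp > 3", [("assign", "out", "out + 1")])]   # implicit flow tmp -> out

if __name__ == "__main__":
    print(violations(PROG, LABELS))   # [('secret', 'out'), ('tmp', 'out')]
```

Expressing the check as rules separates the typing discipline (what counts as a flow, how the lattice orders labels) from the evaluation strategy; a real engine would replace the naive loop with semi-naive or BDD-based evaluation, but the derived facts are the same.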

  22. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  23. Downgrading
  • The process of verifying and endorsing previously suspect information and declassifying originally confidential information
  • Must be done with care

  24. Trusted Declassification
  • Let declassifying functions be set by the security admin as part of the global policy
  • Declassification policies are a key part of language-based information security
  • Different approaches address different aspects
  • What, who, when, and where
  • Must combine all of these to avoid information laundering

  25. Introduction
  • Secure Language Design
  • Access Control
  • Web Application Security
  • Secure Information Flow
  • Trusted Declassification
  • Secure Development
  • Conclusion

  26. Secure Code Development
  • To guarantee security across the software lifecycle
  • Essential to write secure code
  • Set of principles
  • A subset is implemented in an IDE for Jif (built on Eclipse)

  27. Conclusion
  • ACM SIGPLAN workshop on Programming Languages and Analysis for Security (PLAS)
  • Provided important work on privacy, security and programming languages
  • Has made progress in securing the entire software lifecycle
  • Development and deployment
  • Legacy and new code