Somesh Jha, Retrofitting Legacy Code for Security
Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure.

This talk advocates the need for techniques to retrofit systems with security mechanisms. In particular, it focuses on the problem of retrofitting legacy code with mechanisms for authorization policy enforcement. It introduces a new formalism, called fingerprints, to represent security-sensitive operations. Fingerprints are code templates that represent accesses to security-critical resources, and denote key steps needed to perform operations on these resources. This talk develops both fingerprint mining and fingerprint matching algorithms.

Fingerprint mining algorithms discover fingerprints of security-sensitive operations by analyzing source code. This talk presents two novel algorithms that use dynamic program analysis and static program analysis, respectively, to mine fingerprints. The fingerprints so mined are used by the fingerprint matching algorithm to statically locate security-sensitive operations. Program transformation is then employed to statically modify source code by adding authorization policy lookups at each location that performs a security-sensitive operation.

These techniques have been applied to three real-world systems.
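The matching and transformation step described above, as an added example that is not part of the talk or of the speaker's tools: a toy static fingerprint matcher over Python source. The fingerprint table, the sample legacy function and the authorize(subject, object, op) hook are all constructed for illustration; in the talk the fingerprints come from the mining step, which this example does not implement.

```python
import ast
# Hypothetical fingerprints, constructed by hand (the talk mines them): a call
# <object>.<method>(...) on one of these pairs is the key step of the named op.
FINGERPRINTS = {("window", "write"): "WRITE_WINDOW",
                ("window", "get_text"): "READ_WINDOW"}
# Constructed sample of legacy code that performs no authorization checks.
LEGACY_SOURCE = """
def handle(window, text):
    n = len(text)
    window.write(text)
    window.resize(n)
    return window.get_text()
"""

def match(call):
    """Operation name if this Call node matches a fingerprint, else None."""
    f = call.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return FINGERPRINTS.get((f.value.id, f.attr))
    return None

def calls_in(node):
    """Yield the Call nodes of one statement, not entering nested statements."""
    for child in ast.iter_child_nodes(node):
        if isinstance(child, ast.stmt):
            continue
        if isinstance(child, ast.Call):
            yield child
        yield from calls_in(child)

def retrofit(source):
    """Statically locate fingerprint matches and insert the hypothetical policy
    lookup authorize(subject, object, op) before each matching statement."""
    tree = ast.parse(source)
    found = []  # (original line number, operation) for each inserted lookup
    for node in ast.walk(tree):
        if not isinstance(getattr(node, "body", None), list):
            continue
        new_body = []
        for stmt in node.body:
            for call in calls_in(stmt):
                op = match(call)
                if op:
                    hook = f"authorize(subject, {call.func.value.id}, '{op}')"
                    new_body.append(ast.parse(hook).body[0])
                    found.append((stmt.lineno, op))
            new_body.append(stmt)
        node.body = new_body
    return ast.unparse(ast.fix_missing_locations(tree)), found
```

Running retrofit(LEGACY_SOURCE) leaves window.resize alone (no fingerprint) and places one lookup directly before the write and one before the read, which is exactly the per-location placement the abstract describes.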
These case studies demonstrate that techniques based upon program analysis and transformation offer a principled and automated alternative to the ad hoc and manual techniques that are currently used to retrofit legacy software with security mechanisms. Time permitting, we will talk about other problems in the context of retrofitting legacy code for security. I will also indicate where ideas from model-checking have been used in this work.

About the speaker: Somesh Jha received his B.Tech from the Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 100 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF CAREER award in 2005.