Exploring and enforcing security guarantees via program dependence graphs

Johnson, Andrew; Waye, Lucas; Moore, Scott M.; Chong, Stephen

doi:10.1145/2737924.2737957

Cited by 35 publications

(37 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this assessment, we consider the following open-source Java software projects hosted on GitHub: Gitblit, 9 Open Refine, 10 Voldemort, 11 ScribeJava, 12 Solo, 13 HikariCP, 14 Apache Kafka, 15 Teammates, 16 and Crawler4J. 17 These projects have at least 100 stars and 50 forks as well as many pull requests.…”

Section: Selected Software Projectsmentioning

confidence: 99%

“…Additionally, some approaches allow developers to mitigate the significant effort issue, but they do not support code contribution analysis. 14,15 To reduce the discussed problems, we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. For instance, Gitblit is a git repository manager that uses sensitive information such as password to its authentication mechanism.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy and security constraints for code contributions

Andrade

Borba

2020

Softw Pract Exp

View full text Add to dashboard Cite

Summary In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time‐consuming, expensive, and error‐prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain specific, considering fixed framework specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open‐source projects. We find evidence that Salvum helps to detect violations even for well‐supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.

show abstract

Section: Selected Software Projectsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Privacy and security constraints for code contributions

Andrade

Borba

2020

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…Expressive structures, like automata, have previously been used to represent information flow specifications. Program dependence graphs [17,20], which represent data and flow dependencies between values specify allowable declassifications. And Rocha et al [31,32] employ policy graphs to specify sequences of functions that cause declassifications.…”

Section: Related Workmentioning

confidence: 99%

JRIF: Reactive Information Flow Control for Java

Kozyri

Arden

Myers

et al. 2019

Foundations of Security, Protocols, and Equational Reasoning

View full text Add to dashboard Cite

A reactive information flow (RIF) automaton for a value v specifies (i) allowed uses for v and (ii) the RIF automaton for any value that might be directly or indirectly derived from v. RIF automata thus specify how transforming a value alters how the result might be used. Such labels are more expressive than existing approaches for controlling downgrading. We devised a type system around RIF automata and incorporated it into Jif, a dialect of Java that supports a classic form of labels for information flow. By implementing a compiler for the resulting JRIF language, we demonstrate how easy it is to replace a classic information-flow type system by a more expressive RIF-based type system. We programmed two example applications in JRIF, and we discuss insights they provide into the benefits of RIF-based security labels.

show abstract

“…Query language approaches relate closely to the specification aspect of Saluki. Source-based approaches (e.g., by Yamaguchi et al [39,40], and tools such as PQL [26,28,29] and Pidgin [24] use taint-style patterns to find vulnerabilities. In general, binaries present unique challenges where we cannot exploit knowledge of source-level constructs (e.g., macros and objects).…”

Section: Related Workmentioning

confidence: 99%

Saluki: Finding Taint-style Vulnerabilities with Static Property Checking

Gotovchits¹,

Tonder²,

Brumley³

2018

Proceedings 2018 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

We present Saluki, a new tool for checking taintstyle (data dependence) security properties in binary code. Saluki provides a domain specific language for expressing taint-based policies. Saluki can find vulnerabilities in real programs for a number of CWE types, including those for command injection, weak PRNG seeds, and missing sanitization checks such as SQL escape routines or checks on buffer lengths. Saluki includes two new ideas in binary program analysis. First, Saluki uses µflux, a new static analysis technique for path-sensitive, contextsensitive recovery of data dependence facts in binaries. Second, Saluki introduces a sound logic system for reasoning over data dependence facts. We develop a domain-specific language on top of our logic system to express security properties as formal specifications. Saluki includes a decidable solver procedure to prove (based on the underlying logic) whether a set of data dependence facts satisfy a security property. Our evaluation shows that Saluki is capable of finding vulnerabilities in COTS x86, x86-64, and ARM software, including 0-days

show abstract

Exploring and enforcing security guarantees via program dependence graphs

Cited by 35 publications

References 56 publications

Privacy and security constraints for code contributions

Privacy and security constraints for code contributions

JRIF: Reactive Information Flow Control for Java

Saluki: Finding Taint-style Vulnerabilities with Static Property Checking

Contact Info

Product

Resources

About