Retrofitting legacy code for authorization policy enforcement

Ganapathy, Vinod; Jaeger, Trent; Jha, Somesh

doi:10.1109/sp.2006.34

Cited by 28 publications

(23 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At present, there is no principled approach to determine which are securitysensitive, so the prior methods proposed to assist in authorization hook placement [42,7,11,12,13,34,30,26,33] expect programmers to specify the data types whose variables require authorization, which requires extensive domain knowledge. The identification of these data structures is not a trivial task and often takes multiple iterations to get right.…”

Section: Problem Definitionmentioning

confidence: 99%

“…This definition means that solutions depend heavily on this imprecise notion of security-sensitive operation. Ganapathy et al explored techniques to group statement-level operations into sets that represent securitysensitive operations using dynamic analysis and concept analysis from manually highlighted interfaces [12,13]. This definition also means that solutions will generally be finer-grained than manual placements, since manual placements aggregate hooks based on known or anticipated patterns in permission assignments.…”

Section: Problem Definitionmentioning

confidence: 99%

“…Prior work to address this problem has focused both on verification of authorization hook placement to ensure complete mediation [15,34,30] and on mining security-sensitive operations in legacy code [12,13]. The work on mining security-sensitive operations is the most closely related to this paper, and uses static [13] and dynamic program analysis [12] to identify possible hook placement locations.…”

Section: Introductionmentioning

confidence: 99%

“…The work on mining security-sensitive operations is the most closely related to this paper, and uses static [13] and dynamic program analysis [12] to identify possible hook placement locations. However, these mining techniques rely on domainspecific knowledge (e.g., a specification of the data types that denote security-sensitive objects [13]), providing of which still requires significant manual effort and a detailed understanding of the server's code base.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Leveraging "choice" to automate authorization hook placement

Muthukumaran

Jaeger

Ganapathy

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

When servers manage resources on behalf of multiple, mutuallydistrusting clients, they must mediate access to those resources to ensure that each client request complies with an authorization policy. This goal is typically achieved by placing authorization hooks at appropriate locations in server code. The goal of authorization hook placement is to completely mediate all security-sensitive operations on shared resources.To date, authorization hook placement in code bases, such as the X server and postgresql, has largely been a manual procedure, driven by informal analysis of server code and discussions on developer forums. Often, there is a lack of consensus about basic concepts, such as what constitutes a security-sensitive operation.In this paper, we propose an automated hook placement approach that is motivated by a novel observation -that the deliberate choices made by clients for objects from server collections and for processing those objects must all be authorized. We have built a tool that uses this observation to statically analyze the server source. Using real-world examples (the X server and postgresql), we show that the hooks placed by our method are just as effective as hooks that were manually placed over the course of years while greatly reducing the burden on programmers.

show abstract

Section: Problem Definitionmentioning

confidence: 99%

Section: Problem Definitionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Leveraging "choice" to automate authorization hook placement

Muthukumaran

Jaeger

Ganapathy

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…We could circumvent this limitation by writing our own LoPSiL enforcement-code inliner (e.g., using tools like the Bytecode Engineering Library [26]), as previous work has done [9,11]. Moreover, to save users from the effort of creating an .srm file, we could automatically extract a set of security-relevant methods by performing static analysis on policy code [27,28,29]. For the sake of simplicity, we did not include such features in our proof-of-concept compiler.…”

Section: Because Lopsil Uses Aspectj As Its Application Rewriter Lopmentioning

confidence: 99%

A location-based policy-specification language for mobile devices

Finnis

Saigal

Iamnitchi

et al. 2012

Pervasive and Mobile Computing

View full text Add to dashboard Cite

The dramatic rise in mobile applications has greatly increased threats to the security and privacy of users. Security mechanisms on mobile devices are currently limited, so users need more expressive ways to ensure that downloaded mobile applications do not act maliciously. Policy-specification languages were created for this purpose; they allow the enforcement of user-defined policies on third-party applications. We have implemented LoPSiL, a location-based policy-specification language for mobile devices. This article describes LoPSiL's design and implementation, several example policies, and experiments that demonstrate LoPSiL's viability for enforcing policies on mobile devices.

show abstract