Leveraging "choice" to automate authorization hook placement

Muthukumaran, Divya; Jaeger, Trent; Ganapathy, Vinod

doi:10.1145/2382196.2382215

Cited by 16 publications

(24 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, over time the amount of information that programmers must specify has been reduced. In our prior work, we infer security-sensitive operations only using the sources of untrusted inputs and languagespecific lookup functions [13].…”

Section: Background On Hook Placementmentioning

confidence: 99%

“…Second, such placements might lead to redundant authorization, as one hook may already perform the same authorization as another hook that it dominates. In our prior work, we have suggested techniques to remove hooks that authorize structure member accesses redundantly [13]. However, this approach still does not result in a placement that has a one-to-one correspondence with hooks placed manually by domain experts.…”

Section: Background On Hook Placementmentioning

confidence: 99%

“…In the figure, hooks placed by the programmer have prefixes such as m1:: and hooks placed by an automated tool [13] have prefixes such as h1::. The function MAPWINDOW performs the operation write(pWin→mapped) on the window, which makes the window viewable.…”

Section: How Manual Placements Differmentioning

confidence: 99%

“…We provide some background on our prior research [13] in automatically identifying the set O of security-sensitive operations (SSOs) in programs using static analysis. Each SSO is represented using a variable v and a set of read and write structure member accesses on the variable.…”

Section: Identifying Security-sensitive Operationsmentioning

confidence: 99%

See 3 more Smart Citations

Producing Hook Placements to Enforce Expected Access Control Policies

Muthukumaran

Talele

Jaeger

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Many security-sensitive programs manage resources on behalf of mutually distrusting clients. To control access to resources, authorization hooks are placed before operations on those resources. Manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of locations to place authorization hooks that mediates all security-sensitive operations in order to enforce expected access control policies at deployment. However, one challenge is that programmers often want to minimize the effort of writing such policies. As a result, they may remove authorization hooks that they believe are unnecessary, but they may remove too many hooks, preventing the enforcement of some desirable access control policies.In this paper, we propose algorithms that automatically compute a minimal authorization hook placement that satisfies constraints that describe desirable access control policies. These authorization constraints reduce the space of enforceable access control policies; i.e., those policies that can be enforced given a hook placement that satisfies the constraints. We have built a tool that implements this authorization hook placement method, demonstrating how programmers can produce authorization hooks for real-world programs and leverage policy goalspecific constraint selectors to automatically identify many authorization constraints. Our experiments show that our technique reduces manual programmer effort by as much as 58% and produces placements that reduce the amount of policy specification by as much as 30%.

show abstract

Section: Background On Hook Placementmentioning

confidence: 99%

Section: Background On Hook Placementmentioning

confidence: 99%

Section: How Manual Placements Differmentioning

confidence: 99%

Section: Identifying Security-sensitive Operationsmentioning

confidence: 99%

See 2 more Smart Citations

Producing Hook Placements to Enforce Expected Access Control Policies

Muthukumaran

Talele

Jaeger

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Static taint analysis does not incur runtime overhead, but may report false errors. It has been used for identifying vulnerabilities [50,51,52,53,54], for helping symbolic execution [55], and for identifying where authorization hooks should be placed in an access-control system [56].…”

Section: Related Workmentioning

confidence: 99%

Exception analysis in the Java Native Interface

Tan

2014

Science of Computer Programming

View full text Add to dashboard Cite

A Foreign Function Interface (FFI) allows one host programming language to interoperate with another foreign language. It enables efficient software development by permitting developers to assemble components in different languages. One typical FFI is the Java Native Interface (JNI), through which Java programs can invoke native-code components developed in C, C++, or assembly code. Although FFIs bring convenience to software development, interface code developed in FFIs is often error prone because of the lack of safety and security enforcement. This paper introduces a static-analysis framework, TurboJet, which finds exception-related bugs in JNI applications. It finds bugs of inconsistent exception declarations and bugs of mishandling JNI exceptions. TurboJet is carefully engineered to achieve both high efficiency and accuracy. We have applied TurboJet on a set of benchmark programs and identified many errors. We have also implemented a practical Eclipse plug-in based on TurboJet that can be used by JNI programmers to find errors in their code.

show abstract