Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. International Journal of Information Security, 2009.
Cited by 35 (2 self)
Information flow control (IFC) checks whether a program can leak secret data to public ports, or whether critical computations can be influenced from outside. But many IFC analyses are imprecise, as they are flow-insensitive, context-insensitive, or object-insensitive, resulting in false alarms. We argue that IFC must better exploit modern program analysis technology, and present an approach based on program dependence graphs (PDG). PDGs have been developed over the last 20 years as a standard device to represent information flow in a program, and today can handle realistic programs. In particular, our dependence graph generator for full Java bytecode is used as the basis for an IFC implementation which is more precise and needs fewer annotations than traditional approaches. We explain PDGs for sequential and multi-threaded programs, and explain precision gains due to flow-, context-, and object-sensitivity. We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness. We then extend flow equations to handle declassification, and prove that our algorithm respects monotonicity of release. Finally, examples demonstrate that our implementation can check realistic sequential programs in full Java bytecode.
D.: Ontology-Based Design Pattern Recognition. In: 12th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems (KES’08), 2008.
Cited by 4 (0 self)
This paper presents an ontology-based architecture for pattern recognition in the context of static source code analysis. The proposed system has three subsystems: parser, OWL ontologies and analyser. The parser subsystem translates the input code to an AST that is constructed as an XML tree. The OWL ontologies define code patterns and general programming concepts. The analyser subsystem constructs instances of the input code as ontology individuals and asks the reasoner to classify them. The experience gained in the implementation of the proposed system and some practical issues are discussed. The recognition system successfully integrates the knowledge representation field and static code analysis, resulting in greater flexibility of the recognition system.
Key words: knowledge-based system, ontology-based system, static code analysis, description logics, OWL application, formal pattern definition
Roles, Stacks, Histories: A Triple for Hoare. 2009.
Cited by 2 (0 self)
Behavioural type and effect systems regulate properties such as adherence to object and communication protocols, dynamic security policies, avoidance of race conditions, and many others. Typically, each system is based on some specific syntax of constraints, and is checked with an ad hoc solver. Instead, we advocate types refined with first-order logic formulas as a basis for behavioural type systems, and general purpose automated theorem provers as an effective means of checking programs. To illustrate this approach, we define a triple of security-related type systems: for role-based access control, for stack inspection, and for history-based access control. The three are all instances of a refined state monad. Our semantics allows a precise comparison of the similarities and differences of these mechanisms. In our examples, the benefit of behavioural type-checking is to rule out the possibility of unexpected security exceptions, a common problem with code-based access control.
Static Vulnerability Detection in Java Service-Oriented Components
Cited by 2 (0 self)
Extensible component-based platforms allow dynamic discovery, installation and execution of components. Such platforms are service-oriented, as components may directly interact with each other via the services they provide. Even robust languages such as Java were not designed to handle safe code interaction between trusted and untrusted parties. Dynamic installation of code provided by different third parties leads to several security issues. The different security layers adopted by Java or component-based platforms cannot fully address the problem of untrusted components trying to tamper with other components via legitimate interactions. A malicious component might even use vulnerable ones to compromise the whole component-based platform. Our approach identifies vulnerable components in order to prevent them from threatening service security. We use static analysis to remain as exhaustive as possible and to avoid the need for non-standard or intrusive environments. We show that a static analysis through tainted object propagation is well suited to detect vulnerabilities in Java service-oriented components. We present STOP, a Service-oriented Tainted Object Propagation tool, which applies this technique to statically detect those security flaws. Finally, the audit of several trusted Apache Felix bundles shows that nowadays component-based platforms are not prepared for malicious Java interactions.
Deploying Static Application Security Testing on a Large Scale
Cited by 1 (1 self)
Static Code Analysis (SCA), when used for finding vulnerabilities also called Static Application Security Testing (SAST), is an important technique for detecting software vulnerabilities at an early stage in the software development life-cycle. As such, SCA is adopted by an increasing number of software vendors. The wide-spread introduction of SCA at a large software vendor, such as SAP, creates both technical and non-technical challenges. Technical challenges include high false positive and false negative rates. Examples of non-technical challenges are insufficient security awareness among developers and managers, or the integration of SCA into a software development life-cycle that facilitates agile development. Moreover, software is not developed following a greenfield approach: SAP’s security standards need to be passed to suppliers and partners in the same manner as SAP’s customers begin to pass their security standards to SAP. In this paper, we briefly present how SAP’s Central Code Analysis Team introduced SCA at SAP and discuss open problems in using SCA both inside SAP and across the complete software production line, i.e., including suppliers and partners.
END-TO-END INFORMATION FLOW SECURITY FOR JAVA. 2007.
The increasing digitalization of individual, business, and government information leads to more sensitive information being used in computer systems. This results in the requirement for modern systems to ensure that sensitive information is not leaked. Information flow control is a programming language-based mechanism that focuses on securing the dissemination of information through programs. Information flow type systems aim to statically guarantee that programs do not permit leaks of sensitive information to unauthorized locations. This dissertation focuses on improving the usability of information flow type systems, and on developing a new technique for proving a static information flow system is correct. We present a static information flow type inference system for Middleweight Java (MJ) that automatically infers information flow labels, thus avoiding the need for a multitude of program annotations. Additionally, policies need only be specified on IO channels, the critical flow boundary. Our type system includes a high degree of parametric polymorphism, necessary to allow classes to be used in multiple security contexts, and to properly
interfaces; D.2.4 [Software Engineering] Software/Program Verification: Assertion checkers, formal methods, programming by contract; D.3.2 [Programming Languages] Language Classifications: Object-oriented. 2010.
Application-level security has become an issue in recent years; for example, errors, discrepancies and omissions in the specification of access control constraints of security-sensitive software components are recognized as an important source of security vulnerabilities. We propose to formally specify access control assumptions or constraints of a program module and enforce them at run-time. We call such specifications access control contracts. To realize access control contracts, we extended the JML language, a formal interface specification language for Java, and developed a prototype support tool that translates access control contracts to runtime checks. The access control contract reduces the vulnerability that a security-sensitive module be exploited to compromise the overall security of a software system. It also facilitates practicing the principle of “security by design” by
Internally reviewed by (name/. 2011.
Aniketos is about establishing and maintaining trustworthiness and secure behaviour in a constantly changing service environment. The project aligns existing and security services that support the design services, addressing service developers, service providers and service end users. This deliverable describes models and methodologies for managing trust for services, mainly reporting the results of the first two tasks in WP2. A specific focus is on the compositional aspects of services as well as on their dynamic nature. D2.1 investigates trust as a multi mechanisms such as certification and Security trustworthiness of the composite services while user trust among users of a service development and runtime trust monitoring of composite services. Additionally, patterns and guidelines for establishing trust are defined to support service developers in designing systems that trustworthy experience for end users.
Grant agreement n° 257930.