Date posted: 18-Jan-2018
Aspect Security
- RaviShekhar Gopalan
- Prof. Lieberherr
Software Security (CSG379)

Topics Covered

Topics
Short Security Overview
Motivation for this project
What is this project?
Implementation
Future Work
References

Security Overview

Security in Software Engineering
A non-functional requirement
Applied as a patch at the end of SDLC
Not a design-consideration
Preference for non-invasive techniques
Not a prime focus during development
Leads to a disconnection between development and “security” cycle

Types of Security
Domain Level Security
  Is dependent on an application
  Similar to Business Rules
  Security policies, ACLs – Non-invasive
  Store them as rules in config files
  E.g. xml files in J2EE
Provided by language
  Not the focus anywhere
This project is about improvements to the security features provided by the language

Security provided by the language
Language should provide features for security
Similar to “public”, “private” there should be some “const” keyword similar to C++
Every method should declare its behavior
For e.g. we might have a new set of keywords
  Immutable
  Inspector
  Mutator

Motivation

Enter AOP!
Security loopholes may not be intentional
Bug fixes may introduce security bugs
More so with AOP (compartmentalization)
Right time to correct in AOP whatever was not done in OOP
Since AOP still in infancy, security focus can be imbibed

Aspect Security
Aspects are powerful.
Need a controlled & safe way of aspect oriented development
Need a stronger safety net than normal languages

Simple Demo !!

What is this project?

Ideally, ….
Ideally, language should provide features for security
Every method should declare its behavior
If not, metadata will have to be used.

Requirements??
At the least, compiler should
  Warn if it can determine whether a possible security breach exists
  There exists possible loop-holes which can be exploited in future
  Guard against these by putting dynamic checks in place
This is a bit ambitious, but not too much.

What is a Secure Aspect?
A secure aspect is an aspect which is secure
For object-oriented programs, an aspect should not
  interfere with the OO part of the system
  modify behavior of the object which it is trying to influence.
  modify data of the object which it is trying to influence.

What should a secure aspect do?
A secure aspect should
  Add behavior at a join point
  Add checks for certain conditions
  Basically be an inspector

What a secure aspect should not do?
A secure aspect should not
  Modify an object’s behavior at any join point
  Modify an object’s data at any join point
  Should not change an object’s hierarchy if the object is not open to change (……)

Implementation

How to do it?
In order to determine the security aspects statically, step in at compile time and influence the compiler with our security rules
Security Rules can be hard-coded or in some XML file
Rules in an XML file require development of a separate language syntax and its validation

Aspect Bench Compiler
abc compiler from Oxford University
Chosen because it is open-source
Open and easy to extend
Gives extension-writers the AST in objects which are easier to manipulate

abc Architecture

abc Modification Point

Proposed Change
Diagram labels: Compiler Front End, Aspect Checker, Static Weaving

Proof of Concept
Aspect Checker checks aspects before weaving
For this PoC, I am checking whether an aspect calls a setter method of the main class

Aspect Checker
Diagram labels: Main BankAccount::initialize(), Set Account Id to 0, Aspect
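
The PoC rule above (flag an aspect whose advice calls a setter on the main class), as an added example that is not the project's code. It scans AspectJ source text with regular expressions instead of walking abc's AST, and the `BankAccount` accessors `setId`/`getId`, both aspect names and the `PROTECTED` set are assumptions made for the illustration.

```python
import re

# Constructed AspectJ sources, not the slides' demo code. BankAccount's
# setId/getId and both aspect names are assumptions.
MUTATOR_ASPECT = """
public aspect ResetId {
    after(BankAccount acct): execution(void BankAccount.initialize()) && this(acct) {
        acct.setId(0);  // mutates the object it advises
    }
}
"""
INSPECTOR_ASPECT = """
public aspect AuditId {
    after(BankAccount acct): execution(void BankAccount.initialize()) && this(acct) {
        if (acct.getId() < 0) System.err.println("bad id");  // reads only
    }
}
"""

PROTECTED = {"BankAccount"}  # classes an aspect may inspect but not mutate
ADVICE = re.compile(r"\b(before|after|around)\s*\(([^)]*)\)[^{]*\{")
ASPECT = re.compile(r"\baspect\s+(\w+)")

def advice_body(src, start):
    """Text of the brace-balanced block whose opening '{' sits just before start."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def check_aspect(src):
    """Return (aspect, advice kind, call) for each setter call on a protected formal."""
    m = ASPECT.search(src)
    name = m.group(1) if m else "<unknown>"
    findings = []
    for adv in ADVICE.finditer(src):
        # Advice formals look like "BankAccount acct, int n"; keep protected-typed ones.
        formals = [p.split() for p in adv.group(2).split(",") if p.strip()]
        guarded = [p[1] for p in formals if len(p) == 2 and p[0] in PROTECTED]
        body = advice_body(src, adv.end())
        for var in guarded:
            for call in re.finditer(rf"\b{re.escape(var)}\.(set[A-Z]\w*)\s*\(", body):
                findings.append((name, adv.group(1), f"{var}.{call.group(1)}"))
    return findings

if __name__ == "__main__":
    for source in (MUTATOR_ASPECT, INSPECTOR_ASPECT):
        print(check_aspect(source) or "no setter calls on protected classes")
```

A text scan like this only sees direct calls on advice formals; braces inside string literals or comments, and mutation through helper methods, need the AST-level check the slides describe.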

Design of Aspect Checker
Diagram labels: GlobalAspectChecker, BankAccountChecker, BankChecker, AspectInfo, abc Compiler, AccountChecker, IndividualCheckers

Demo of Aspect Checker

Future Work
Handle inter-type declarations
Handle weaving of aspect-checking code
Finalize design of AspectChecker

References
Building the abc AspectJ compiler with Polyglot and Soot – abc Technical Report No. abc-2004-2
abc: An extensible AspectJ compiler – abc Technical Report No. abc-2004-1
The abc scanner and parser, including an LALR(1) grammar for AspectJ

Thank You!!