RETROFITTING PROGRAMS FOR COMPLETE SECURITY MEDIATION
Open Access
- Author:
- King, David Holliday
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- August 03, 2009
- Committee Members:
- Trent Ray Jaeger, Dissertation Advisor/Co-Advisor
- Trent Ray Jaeger, Committee Chair/Co-Chair
- John Joseph Hannan, Committee Chair/Co-Chair
- Patrick Drew McDaniel, Committee Member
- Martin Furer, Committee Member
- Piotr Berman, Committee Member
- Stephen George Simpson, Committee Member
- Keywords:
- program analysis
- mediation statements
- Abstract:
- Application security flaws are the cause of many vulnerabilities on a modern operating system, so it is important for applications to enforce an external security policy. Recent work in language-based security has provided methods for verifying whether an application complies with a security policy. To use these methods, the programmer assigns security labels to program objects and then inserts mediation statements to mark the positions where the security label of a program element might change. However, it is currently not possible to retrofit existing applications to obtain these guarantees, for two reasons: the complexity of the information flows involved and the amount of code the programmer must examine by hand to insert mediation statements. In this thesis we provide methods for resolving these problems: an algorithm for explaining information flow errors, an algorithm for automatically suggesting locations in code where mediation statements should be inserted, and a model that enables security guarantees to be added automatically to legacy code.