Aspect Security
- RaviShekhar Gopalan
- Prof. Lieberherr
Software Security (CSG379)
Topics Covered
Topics
Short Security Overview
Motivation for this project
What is this project?
Implementation
Future Work
References
Security Overview
Security in Software Engineering
A non-functional requirement
Applied as a patch at the end of SDLC
Not a design-consideration
Preference for non-invasive techniques
Not a prime focus during development
Leads to a disconnection between development and “security” cycle
Types of Security
Domain Level Security
  Is dependent on an application
  Similar to Business Rules
  Security policies, ACLs – Non-invasive
  Store them as rules in config files
  E.g. xml files in J2EE
Provided by language
  Not the focus anywhere
This project is about improvements to the security features provided by the language
Security provided by the language
Language should provide features for security
Similar to “public”, “private” there should be some “const” keyword similar to C++
Every method should declare its behavior
For example, we might have a new set of keywords
  Immutable
  Inspector
  Mutator
Motivation
Enter AOP!
Security loopholes may not be intentional
Bug fixes may introduce security bugs
More so with AOP (compartmentalization)
Right time to correct in AOP whatever was not done in OOP
Since AOP is still in its infancy, a security focus can be imbibed
Aspect Security
Aspects are powerful.
Need a controlled & safe way of aspect oriented development
Need a stronger safety net than normal languages
Simple Demo !!
What is this project?
Ideally, ….
Ideally, language should provide features for security
Every method should declare its behavior
If not, metadata will have to be used.
Requirements??
At the least, compiler should
  Warn if it can determine that a possible security breach exists
  There exist possible loopholes which can be exploited in future
  Guard against these by putting dynamic checks in place
This is a bit ambitious, but not too much.
What is a Secure Aspect?
A secure aspect is an aspect which is secure
For object-oriented programs, an aspect should not
  interfere with the OO part of the system
  modify behavior of the object which it is trying to influence.
  modify data of the object which it is trying to influence.
What should a secure aspect do?
A secure aspect should
  Add behavior at a join point
  Add checks for certain conditions
  Basically be an inspector
What should a secure aspect not do?
A secure aspect should not
  Modify an object’s behavior at any join point
  Modify an object’s data at any join point
  Change an object’s hierarchy if the object is not open to change (……)
Implementation
How to do it?
In order to determine the security aspects statically, step in at compile time and influence the compiler with our security rules
Security Rules can be hard-coded or in some XML file
Rules in an XML file require development of a separate language syntax and its validation
Aspect Bench Compiler
abc compiler from Oxford University
Chosen because it is open-source
Open and easy to extend
Gives extension-writers the AST in objects which are easier to manipulate
abc Architecture
abc Modification Point
Proposed Change
[Diagram: Compiler Front End, then Aspect Checker, then Static Weaving]
Proof of Concept
Aspect Checker checks aspects before weaving
For this PoC, I am checking whether an aspect calls a setter method of the main class
[Diagram labels: Aspect Checker, Main, BankAccount::initialize(), Set Account Id to 0, Aspect]
Design of Aspect Checker
[Diagram labels: GlobalAspectChecker, BankAccountChecker, BankChecker, AspectInfo, abc Compiler, AccountChecker, IndividualCheckers]
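The proof-of-concept check described above (reject, before weaving, an aspect that calls a setter of the main class), as an added example that is not the presenter's code and does not use abc's real AST or API. The record types, the aspect names ResetId and AuditLog, and the method names setAccountId and getAccountId are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration (Java 16+): a toy model of the check, not abc's AST or API.
public class AspectCheckerDemo {
    // A method call inside an advice body: static type of the receiver, method name.
    record Call(String receiverType, String method) {}
    // One piece of advice: its pointcut text and the calls its body makes.
    record Advice(String pointcut, List<Call> calls) {}
    // Hypothetical stand-in for the AspectInfo box on the design slide.
    record AspectInfo(String name, List<Advice> advice) {}

    // JavaBeans convention: "set" followed by an upper-case letter.
    static boolean isSetter(String method) {
        return method.length() > 3 && method.startsWith("set")
                && Character.isUpperCase(method.charAt(3));
    }

    // Checker for one protected class: reports every advice that calls one of its setters.
    static List<String> check(AspectInfo aspect, String protectedType) {
        List<String> violations = new ArrayList<>();
        for (Advice adv : aspect.advice()) {
            for (Call c : adv.calls()) {
                if (c.receiverType().equals(protectedType) && isSetter(c.method())) {
                    violations.add(aspect.name() + ": advice on [" + adv.pointcut()
                            + "] calls " + protectedType + "." + c.method() + "()");
                }
            }
        }
        return violations;
    }

    public static void main(String[] args) {
        String pc = "execution(void BankAccount.initialize())";
        // Constructed input: an aspect whose advice resets the account id (a mutator).
        AspectInfo mutator = new AspectInfo("ResetId",
                List.of(new Advice(pc, List.of(new Call("BankAccount", "setAccountId")))));
        // Constructed input: an aspect that only reads state and logs (an inspector).
        AspectInfo inspector = new AspectInfo("AuditLog",
                List.of(new Advice(pc, List.of(new Call("BankAccount", "getAccountId"),
                        new Call("java.io.PrintStream", "println")))));
        for (AspectInfo a : List.of(mutator, inspector)) {
            List<String> v = check(a, "BankAccount");
            // Reject before weaving if any violation was found.
            System.out.println(a.name() + (v.isEmpty() ? ": OK to weave" : ": REJECTED " + v));
        }
    }
}
```

Name matching only catches conventional setters; direct field writes in advice and inter-type declarations (listed under Future Work) would need separate checks.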
Demo of Aspect Checker
Future Work
Handle inter-type declarations
Handle weaving of aspect-checking code
Finalize design of AspectChecker
References
Building the abc AspectJ compiler with Polyglot and Soot – abc Technical Report No. abc-2004-2
abc: An extensible AspectJ compiler – abc Technical Report No. abc-2004-1
The abc scanner and parser, including an LALR(1) grammar for AspectJ
Thank You!!