TY - GEN
T1 - Leveraging "choice" to automate authorization hook placement
AU - Muthukumaran, Divya
AU - Jaeger, Trent
AU - Ganapathy, Vinod
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - When servers manage resources on behalf of multiple, mutually-distrusting clients, they must mediate access to those resources to ensure that each client request complies with an authorization policy. This goal is typically achieved by placing authorization hooks at appropriate locations in server code. The goal of authorization hook placement is to completely mediate all security-sensitive operations on shared resources. To date, authorization hook placement in code bases, such as the X server and postgresql, has largely been a manual procedure, driven by informal analysis of server code and discussions on developer forums. Often, there is a lack of consensus about basic concepts, such as what constitutes a security-sensitive operation. In this paper, we propose an automated hook placement approach that is motivated by a novel observation - that the deliberate choices made by clients for objects from server collections and for processing those objects must all be authorized. We have built a tool that uses this observation to statically analyze the server source. Using real-world examples (the X server and postgresql), we show that the hooks placed by our method are just as effective as hooks that were manually placed over the course of years while greatly reducing the burden on programmers.
UR - http://www.scopus.com/inward/record.url?scp=84869394032&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869394032&partnerID=8YFLogxK
U2 - 10.1145/2382196.2382215
DO - 10.1145/2382196.2382215
M3 - Conference contribution
AN - SCOPUS:84869394032
SN - 9781450316507
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 145
EP - 156
BT - CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
T2 - 2012 ACM Conference on Computer and Communications Security, CCS 2012
Y2 - 16 October 2012 through 18 October 2012
ER -