TY - GEN
T1 - Maintaining Authorization Hook Placements Across Program Versions
AU - Talele, Nirupama
AU - Muthukumaran, Divya
AU - Capobianco, Frank
AU - Jaeger, Trent
AU - Tan, Gang
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2017/2/1
Y1 - 2017/2/1
AB - We examine the problem of maintaining security code across program versions. There are now several cases where programmers manually retrofit their programs with security code, such as authorization mechanisms. However, programs evolve, so a challenge for programmers is to determine whether their security code remains correct across multiple versions of the program. The insight of this work is that programmers can use the constraints on the authorization policies that can be enforced in one version of the program to limit their effort in validating authorization hook placements in later versions. We develop a tool we call HEIMDAL to implement this insight, finding that a modest number of authorization constraints require review across several versions of the X window server program.
UR - http://www.scopus.com/inward/record.url?scp=85015232041&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85015232041&partnerID=8YFLogxK
U2 - 10.1109/SecDev.2016.024
DO - 10.1109/SecDev.2016.024
M3 - Conference contribution
AN - SCOPUS:85015232041
T3 - Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016
SP - 67
EP - 68
BT - Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE Cybersecurity Development, SecDev 2016
Y2 - 3 November 2016 through 4 November 2016
ER -