TY - GEN
T1 - Retrofitting legacy code for authorization policy enforcement
AU - Ganapathy, Vinod
AU - Jaeger, Trent
AU - Jha, Somesh
PY - 2006/11/21
Y1 - 2006/11/21
N2 - Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Existing techniques to do so are manual and ad hoc, and often result in security holes. We present program analysis techniques to assist the process of retrofitting legacy code for authorization policy enforcement. These techniques can be used to retrofit legacy servers, such as X window, web, proxy, and cache servers. Because such servers manage multiple clients simultaneously, and offer shared resources to clients, they must have the ability to enforce authorization policies. A developer can use our techniques to identify security-sensitive locations in legacy servers, and place reference monitor calls to mediate these locations. We demonstrate our techniques by retrofitting the X11 server to enforce authorization policies on its X clients.
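The abstract describes the retrofit as two steps: find the security-sensitive locations in a multi-client server, then place reference monitor calls there so a policy is consulted before a shared resource is touched. The following C program is an added illustration of that end state, written for this record and not taken from the paper or from the X11 server: a constructed window-server model with a legacy request handler that serves any client's window contents to any requester, the same handler after a reference monitor hook has been placed at the sensitive operation, and a small dispatch-table audit that counts sensitive handlers still lacking a hook. The window structure, the operation names, the rm_authorize policy (owner may do anything, client 0 is a trusted reader, everything else denied) and the dispatch table are all assumptions made for the example; the paper's own analysis for locating sensitive operations is not reproduced here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a shared server resource (think: an X window
 * owned by one client that other clients may try to read). This is
 * not the real X11 data structure. */
typedef struct {
    int id;
    int owner_client;        /* client that created the window */
    char contents[32];
} window_t;

/* Security-sensitive operations the reference monitor mediates.
 * Hypothetical names chosen for this example. */
typedef enum { OP_READ_CONTENTS = 1, OP_SET_INPUT_FOCUS = 2 } op_t;

#define ERR_ACCESS (-1)

/* Reference monitor with a deliberately small, constructed policy:
 *  - a client may perform any operation on its own windows;
 *  - client 0 (a trusted "window manager") may additionally read any
 *    window, but may not take input focus from another client;
 *  - everything else is denied (default deny). */
static int rm_authorize(int subject, const window_t *obj, op_t op)
{
    if (subject == obj->owner_client)
        return 1;
    if (subject == 0 && op == OP_READ_CONTENTS)
        return 1;
    return 0;
}

/* 'Before': legacy handler. The security-sensitive operation (copying a
 * window's contents to the requester) runs with no mediation, so any
 * connected client can read any other client's window. */
static int legacy_get_contents(int client, const window_t *w, char *out, size_t n)
{
    (void)client;                      /* requester identity is ignored */
    strncpy(out, w->contents, n - 1);
    out[n - 1] = '\0';
    return 0;
}

/* 'After': the same handler with a reference monitor call placed at the
 * security-sensitive location. The copy happens only if policy allows;
 * on denial nothing is copied and an error is returned. */
static int retrofitted_get_contents(int client, const window_t *w, char *out, size_t n)
{
    if (!rm_authorize(client, w, OP_READ_CONTENTS)) {
        out[0] = '\0';
        return ERR_ACCESS;
    }
    strncpy(out, w->contents, n - 1);
    out[n - 1] = '\0';
    return 0;
}

/* Dispatch-table entry for a request handler, annotated with the
 * sensitive operation it performs (0 = none) and whether a reference
 * monitor hook has been placed in it. This coverage bookkeeping is a
 * simple way to track a retrofit; it is not the paper's analysis. */
typedef struct {
    const char *name;
    int sensitive_op;
    int mediated;
} handler_entry_t;

static const handler_entry_t dispatch[] = {
    { "GetWindowContents", OP_READ_CONTENTS,   1 },  /* retrofitted above */
    { "SetInputFocus",     OP_SET_INPUT_FOCUS, 0 },  /* still unmediated */
    { "NoOperation",       0,                  0 },  /* not sensitive */
};

/* Number of handlers that perform a security-sensitive operation but
 * carry no reference monitor call: the remaining retrofit work. */
static int unmediated_sensitive_handlers(void)
{
    int count = 0;
    for (size_t i = 0; i < sizeof dispatch / sizeof dispatch[0]; i++)
        if (dispatch[i].sensitive_op != 0 && !dispatch[i].mediated)
            count++;
    return count;
}

int main(void)
{
    /* Constructed sample state: window 7 belongs to client 1. */
    window_t w = { 7, 1, "secret text of client 1" };
    char buf[32];

    /* Client 2 reading client 1's window: served by the legacy code, denied after the retrofit. */
    printf("legacy      client2 -> %d (%s)\n", legacy_get_contents(2, &w, buf, sizeof buf), buf);
    printf("retrofitted client2 -> %d\n", retrofitted_get_contents(2, &w, buf, sizeof buf));
    printf("retrofitted client1 -> %d (%s)\n", retrofitted_get_contents(1, &w, buf, sizeof buf), buf);
    printf("unmediated sensitive handlers: %d\n", unmediated_sensitive_handlers());
    return 0;
}
```

The point of the before/after pair is where the hook sits: immediately before the operation that exposes the shared resource, with a default-deny policy, so that a denial leaves the output buffer empty rather than partially filled. The dispatch-table audit stands in for the harder problem the paper addresses, which is finding every such location in a large legacy code base; a hand-maintained flag only shows the gap once a location is already known.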
UR - http://www.scopus.com/inward/record.url?scp=33751060933&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33751060933&partnerID=8YFLogxK
U2 - 10.1109/SP.2006.34
DO - 10.1109/SP.2006.34
M3 - Conference contribution
AN - SCOPUS:33751060933
SN - 0769525741
SN - 9780769525747
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 214
EP - 228
BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
T2 - 2006 IEEE Symposium on Security and Privacy, S and P 2006
Y2 - 21 May 2006 through 24 May 2006
ER -