Retrofitting legacy code for authorization policy enforcement

Vinod Ganapathy, Trent Jaeger, Somesh Jha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

28 Scopus citations

Abstract

Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Existing techniques to do so are manual and ad hoc, and often result in security holes. We present program analysis techniques to assist the process of retrofitting legacy code for authorization policy enforcement. These techniques can be used to retrofit legacy servers, such as X window, web, proxy, and cache servers. Because such servers manage multiple clients simultaneously, and offer shared resources to clients, they must have the ability to enforce authorization policies. A developer can use our techniques to identify security-sensitive locations in legacy servers, and place reference monitor calls to mediate these locations. We demonstrate our techniques by retrofitting the XII server to enforce authorization policies on its X clients.

Original languageEnglish (US)
Title of host publicationProceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
Pages214-228
Number of pages15
DOIs
StatePublished - Nov 21 2006
Event2006 IEEE Symposium on Security and Privacy, S and P 2006 - Berkeley, United States
Duration: May 21 2006May 24 2006

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2006
ISSN (Print)1081-6011

Other

Other2006 IEEE Symposium on Security and Privacy, S and P 2006
Country/TerritoryUnited States
CityBerkeley
Period5/21/065/24/06

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Fingerprint

Dive into the research topics of 'Retrofitting legacy code for authorization policy enforcement'. Together they form a unique fingerprint.

Cite this