Retrofitting legacy code for authorization policy enforcement

Author

Ganapathy, Vinod ; Jaeger, Trent ; Jha, Somesh

Author_Institution

Dept. of Comput. Sci., Wisconsin Univ., Madison, WI

fYear

2006

fDate

21-24 May 2006

Lastpage

229

Abstract

Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Existing techniques to do so are manual and ad hoc, and often result in security holes. We present program analysis techniques to assist the process of retrofitting legacy code for authorization policy enforcement. These techniques can be used to retrofit legacy servers, such as X window, Web, proxy, and cache servers. Because such servers manage multiple clients simultaneously, and offer shared resources to clients, they must have the ability to enforce authorization policies. A developer can use our techniques to identify security-sensitive locations in legacy servers, and place reference monitor calls to mediate these locations. We demonstrate our techniques by retrofitting the X11 server to enforce authorization policies on its X clients

Keywords

authorisation; program diagnostics; software maintenance; X clients; X11 server; authorization policy enforcement; legacy code retrofitting; program analysis; secure systems; security-sensitive locations; Authorization; Electrical capacitance tomography; Fingerprint recognition; Linux; Manuals; Marine vehicles; Monitoring; Performance analysis; Resource management; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2006 IEEE Symposium on

Conference_Location

Berkeley/Oakland, CA

ISSN

1081-6011

Print_ISBN

0-7695-2574-1

Type

conf

DOI

10.1109/SP.2006.34

Filename

1624013