Retrofitting Legacy Code for Authorization Policy Enforcement
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Existing techniques to do so are manual and ad hoc, and often result in security holes.

We present program analysis techniques to assist the process of retrofitting legacy code for authorization policy enforcement. These techniques can be used to retrofit legacy servers, such as X window, web, proxy, and cache servers. Because such servers manage multiple clients simultaneously, and offer shared resources to clients, they must have the ability to enforce authorization policies. A developer can use our techniques to identify security-sensitive locations in legacy servers, and place reference monitor calls to mediate these locations. We demonstrate our techniques by retrofitting an X11 server to enforce authorization policies on its X clients.
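The following C sketch is an added illustration of the retrofitting pattern the abstract describes; it is not code from the paper or from the X server. A toy server holds a shared resource on behalf of several clients, the legacy write routine is the security-sensitive location, and a reference monitor call is placed in front of it so that a deny-by-default policy decides whether the requesting client may proceed. The client labels ("trusted"/"untrusted"), the policy table, the resource structure and all function names are constructed for this example.

```c
/* Added example, not the paper's code: a reference monitor hook placed at a
 * security-sensitive location in a toy multi-client server. Labels, policy
 * rules, resource layout and function names are constructed for illustration. */
#include <stdio.h>
#include <string.h>

typedef enum { OP_READ = 1, OP_WRITE = 2 } op_t;

/* A client as the server sees it: an id plus the security label it runs under. */
typedef struct { int id; const char *label; } client_t;

/* A shared resource the server manages for all clients (think: a window). */
typedef struct { const char *name; const char *owner_label; char data[64]; } resource_t;

/* Policy rule: a subject label may perform 'allowed' ops on resources owned by
 * 'owner'. Anything not listed is denied. */
typedef struct { const char *subject; const char *owner; unsigned allowed; } rule_t;

static const rule_t policy[] = {
    { "trusted",   "trusted",   OP_READ | OP_WRITE },
    { "trusted",   "untrusted", OP_READ | OP_WRITE },
    { "untrusted", "untrusted", OP_READ | OP_WRITE },
    /* no rule lets an untrusted client touch a trusted-owned resource */
};

/* Reference monitor: grant only if some rule covers (subject, owner, op). */
int authorize(const client_t *c, const resource_t *r, op_t op) {
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (strcmp(policy[i].subject, c->label) == 0 &&
            strcmp(policy[i].owner, r->owner_label) == 0 &&
            (policy[i].allowed & (unsigned)op) == (unsigned)op)
            return 1;
    }
    return 0; /* deny by default */
}

/* Convenience for tests: evaluate the policy for a label pair and operation. */
int check_access(const char *subject_label, const char *owner_label, op_t op) {
    client_t c = { 0, subject_label };
    resource_t r = { "probe", owner_label, "" };
    return authorize(&c, &r, op);
}

/* Legacy routine: security-sensitive because it mutates shared state without
 * knowing which client asked. Left exactly as the "legacy code" would be. */
static void resource_write_unmediated(resource_t *r, const char *data) {
    strncpy(r->data, data, sizeof r->data - 1);
    r->data[sizeof r->data - 1] = '\0';
}

/* Retrofitted entry point: the reference monitor call mediates the location
 * before the legacy routine runs. Returns 1 if the write happened, 0 if denied. */
int resource_write(const client_t *c, resource_t *r, const char *data) {
    if (!authorize(c, r, OP_WRITE)) {
        fprintf(stderr, "denied: client %d (%s) write to %s (owner %s)\n",
                c->id, c->label, r->name, r->owner_label);
        return 0;
    }
    resource_write_unmediated(r, data);
    return 1;
}

/* Walks three requests against one trusted-owned and one untrusted-owned
 * resource and returns 1 only if every outcome matches the policy, including
 * the denied write leaving the resource untouched. */
int demo_retrofit(void) {
    client_t admin = { 1, "trusted" }, guest = { 2, "untrusted" };
    resource_t root_win = { "root-window", "trusted", "" };
    resource_t guest_win = { "guest-window", "untrusted", "" };
    int ok = 1;

    ok &= resource_write(&admin, &root_win, "title:admin") == 1;
    ok &= resource_write(&guest, &root_win, "title:pwned") == 0;   /* denied */
    ok &= strcmp(root_win.data, "title:admin") == 0;               /* unchanged */
    ok &= resource_write(&guest, &guest_win, "title:guest") == 1;
    ok &= strcmp(guest_win.data, "title:guest") == 0;
    return ok;
}

int main(void) {
    printf("retrofit demo %s\n", demo_retrofit() ? "consistent with policy" : "INCONSISTENT");
    return 0;
}
```

The point of the structure is that the legacy routine is untouched and the check lives at the single choke point every caller must pass through; finding all such points in a real server is exactly the problem the paper's program analysis addresses, since a write path that bypasses `resource_write` would silently escape the monitor.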
Download: [PS, PDF]
Somesh Jha
Last modified: Tue Sep 19 14:17:19 CDT 2006