Automating Security Mediation Placement

Abstract. We present a framework that automatically produces suggestions to resolve type errors in security-typed programs, enabling legacy code to be retrofit with comprehensive security policy mediation. Resolving such type errors requires selecting a placement of mediation statements that implement runtime security decisions, such as declassifiers and authorization checks. Manually placing mediation statements in legacy code can be difficult, as there may be several, interacting type errors. In this paper, we solve this problem by constructing a graph that has the property that a vertex cut is equivalent to the points at which mediation statements can be inserted to allow the program to satisfy the type system. We build a framework that produces suggestions that are minimum cuts of this graph, and the framework can be customized to find suggestions that satisfy programmer requirements. Our framework implementation for Java programs computes suggestions for 20,000 line programs in le...
Added 02 Mar 2010
Updated 06 Mar 2013
Type Conference
Year 2010
Where ESOP
Authors Dave King 0002, Divya Muthukumaran, Sanjit A. Seshia, Somesh Jha, Susmit Jha, Trent Jaeger