TC:Medium:Collaborative Research:Techniques to Retrofit Legacy Code with Security

TC：中：协作研究：安全改造遗留代码的技术

• 批准号: 0904831
• 负责人: Somesh Jha
• 金额: $ 30万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0904831&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Techniques

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).Though perhaps unfortunate, as a practical matter software is oftenbuilt with functionality as a primary goal, and security features areonly added later, often after vulnerabilities have been identified.To reduce the cost and increase assurance in the process of securityretrofitting, the aim to develop a methodology involving automated andsemi-automated tools and techniques to add authorization policyenforcement functionality to legacy software systems.The main insight is that major portions of the tasks involved inretrofitting code can be or already have been automated, so the designprocess focuses on enabling further automation and aggregating thesetasks into a single, coherent approach.More specifically, techniques and tools are being developed to: (1)identify and label security-relevant objects and I/O channels byanalyzing and instrumenting annotated application source code; (2)insert code to mediate access to labeled entities; (3) abstract theinserted checks into policy-relevant, security-sensitive operationsthat are authorized (or denied) by the application's security policy;(4) integrate the retrofitted legacy code with the site's specificpolicy at deployment time to ensure, through advanced policy analysis,that the application enforces that site's policy correctly, and (5)verify correct enforcement of OS policy delegation by the retrofittedapplication.The techniques and tools being developed are useful not onlyfor retrofitting, but also for augmenting and verifying existing codealready outfitted with security functionality; hence improving thestate-of-the-art in creating more secure software.

该奖项是根据 2009 年《美国复苏和再投资法案》（公法 111-5）提供资金的。尽管可能不幸的是，作为一个实际问题，软件通常以功能为主要目标构建，而安全功能通常是在发现漏洞之后才添加的。为了降低安全改造过程中的成本并增加保证，目标是开发一种涉及自动化和半自动化工具和技术的方法，以 向遗留软件系统添加授权策略执行功能。主要的见解是，改造代码所涉及的主要任务可以是或已经是自动化的，因此设计过程的重点是实现进一步的自动化，并将这些任务聚合成一个单一的、连贯的方法。更具体地说，正在开发技术和工具来：（1）通过分析来识别和标记与安全相关的对象和 I/O 通道 以及检测带注释的应用程序源代码； (2)插入代码来调解对标记实体的访问； (3) 将插入的检查抽象为由应用程序的安全策略授权（或拒绝）的与策略相关的安全敏感操作；(4) 在部署时将改进的遗留代码与站点的特定策略集成，以通过高级策略分析确保应用程序正确执行该站点的策略，以及 (5) 验证改进的应用程序对操作系统策略委派的正确执行。 开发的代码不仅可用于改造，还可用于增强和验证已配备安全功能的现有代码；因此提高了创建更安全软件的最先进水平。