TC:Medium:Collaborative Research:Techniques to Retrofit Legacy Code with Security

TC：中：协作研究：安全改造遗留代码的技术

• 批准号: 0905419
• 负责人: Michael Hicks
• 金额: $ 30万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2012-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905419&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Techniques

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).Though perhaps unfortunate, as a practical matter software is oftenbuilt with functionality as a primary goal, and security features areonly added later, often after vulnerabilities have been identified.To reduce the cost and increase assurance in the process of securityretrofitting, the aim to develop a methodology involving automated andsemi-automated tools and techniques to add authorization policyenforcement functionality to legacy software systems.The main insight is that major portions of the tasks involved inretrofitting code can be or already have been automated, so the designprocess focuses on enabling further automation and aggregating thesetasks into a single, coherent approach.More specifically, techniques and tools are being developed to: (1)identify and label security-relevant objects and I/O channels byanalyzing and instrumenting annotated application source code; (2)insert code to mediate access to labeled entities; (3) abstract theinserted checks into policy-relevant, security-sensitive operationsthat are authorized (or denied) by the application's security policy;(4) integrate the retrofitted legacy code with the site's specificpolicy at deployment time to ensure, through advanced policy analysis,that the application enforces that site's policy correctly, and (5)verify correct enforcement of OS policy delegation by the retrofittedapplication.The techniques and tools being developed are useful not onlyfor retrofitting, but also for augmenting and verifying existing codealready outfitted with security functionality; hence improving thestate-of-the-art in creating more secure software.

该奖项是根据2009年美国复苏和再投资法案资助的（Public Law 111-5）.虽然可能是不幸的，但实际上软件通常是以功能为主要目标构建的，安全功能只是后来才添加的，通常是在发现漏洞之后。为了降低成本并增加安全改造过程中的保证，其目的是开发一种方法，包括自动化和半自动化的工具和技术，以将授权策略执行功能添加到遗留软件系统中。主要的见解是，改造代码所涉及的任务的主要部分可以或已经被自动化，更具体地说，正在开发的技术和工具可以：（1）通过分析和检测带注释的应用程序源代码来识别和标记与安全相关的对象和I/O通道;（2）插入代码以调解对标记实体的访问;（3）将插入的检查抽象为与策略相关的、安全敏感的、被授权的操作（或拒绝）应用程序的安全策略;（4）在部署时将改进的遗留代码与站点的特定策略集成，以通过高级策略分析来确保应用程序正确地执行该站点的策略，以及（5）验证改进后的应用程序对操作系统策略委托的正确执行。正在开发的技术和工具不仅对改进有用，而且对增强和验证已经配备了安全功能的现有代码也有用，从而提高了创建更安全软件的最新技术水平。