Automated detection, explanation, and remediation of security inconsistencies in Web application access controls using program analysis

使用程序分析自动检测、解释和修复 Web 应用程序访问控制中的安全不一致

• 批准号: RGPIN-2017-05700
• 负责人: Merlo, Ettore
• 金额: $ 1.46万
• 依托单位: École Polytechnique de Montréal
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2018
• 资助国家: 加拿大
• 起止时间: 2018-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=659641
• 关键词: Automated; detection; explanation; remediation; security

The proposed research aims at improving the quality and the security integrity of software, while reducing its development cost in the perspective of application security.******Today's large deployment of Web and mobile applications, cloud services, and cyber-physical systems demand frequent and short release cycles or continuous releases. This puts even more stress and time constraints on quality assurance in general and on application security.******I propose to design, implement, and evaluate automated and scalable methods for the early fault localization and automated repair of security inconsistencies and vulnerabilties in access controls in software applications.******I propose to localize faulty security code by investigating counter-examples from violated policies in security models and to synthesize human-usable explanations.******In this proposal, I want to address and investigate the automated repair of detected security inconsistencies by reasoning on the localized faults that correspond to executions that violate some role-privilege policies.******For example, missing checks could be repaired by automatically inserting proper authorization checks to restore the desired security reachability and accesses to security sensitive resources.******Two problems appear when path based security repair is sought:***(a) selection of code fragments implementing appropriate security checks to be inserted, deleted, or modified to repair the detected inconsistencies.***(b) where to insert the checks along the possibly many paths that violate the security reachability constraints.******In this proposal, I want to address first the problem of automated security repairs and second the problem of optimal placement of required new security checks.******I want to determine the categories of security problems that can be automatically repaired, thus relieving the developers from this burden.***I want to investigate their significance in large industrial or open source systems.******When automation cannot be completely achieved for some inconsistency category, I want to investigate an interactive and recommendation-based strategy to support the developers during their manual repair of inconsistencies by supplying explanations and suggestions.******The proposed research on automated repairs will prevent detected and repaired inconsistencies from being released. Software systems will be more secure and less vulnerable to attacks. The overall process from detection to repaired release will be shorter. Therefore, the window of opportunity for attacks will be dramatically reduced.******Results from this research will be methods and tools available to researchers for automatically analyzing and repairing large applications in the perspective of security. Findings about the effectiveness of automated detection and repair of inconsistencies in large and popular open source applications will also be produced.

本研究的目的是从应用安全的角度出发，提高软件的质量和安全完整性，同时降低软件的开发成本。当今Web和移动的应用程序、云服务和网络物理系统的大规模部署需要频繁且短的发布周期或连续发布。这给质量保证和应用程序安全带来了更大的压力和时间限制。**我建议设计，实施和评估自动化和可扩展的方法，用于早期故障定位和自动修复软件应用程序中访问控制中的安全不一致性和可扩展性。我建议通过调查安全模型中违反策略的反例来定位错误的安全代码，并综合人类可用的解释。在这个建议中，我想通过推理与违反某些角色特权策略的执行相对应的本地化错误，来解决和研究检测到的安全不一致的自动修复。例如，可以通过自动插入适当的授权检查来修复丢失的检查，以恢复所需的安全可达性和对安全敏感资源的访问。当寻求基于路径的安全修复时，会出现两个问题：*（a）选择执行适当安全检查的代码片段，以插入、删除或修改以修复检测到的不一致。(b)在可能违反安全性可达性约束的多条路径上插入检查的位置。沿着。**在这个建议中，我想首先解决自动安全修复的问题，其次解决所需新安全检查的最佳位置问题。我想确定可以自动修复的安全问题的类别，从而减轻开发人员的负担。我想研究它们在大型工业或开源系统中的重要性。当某些不一致类别无法完全实现自动化时，我想研究一种交互式和基于解释的策略，通过提供解释和建议来支持开发人员手动修复不一致。拟议的自动修复研究将防止发现和修复的不一致被释放。软件系统将更安全，更不易受到攻击。从检测到修复发布的整个过程将更短。因此，攻击的机会窗口将大大减少。研究结果将为研究人员从安全的角度自动分析和修复大型应用程序提供方法和工具。还将产生关于大型和流行的开源应用程序中自动检测和修复不一致性的有效性的调查结果。