Somesh Jha: Retrofitting Legacy Code for Security


Law 335 | Noon | Lunch provided

Writing a complex but secure program is a near-impossible task on a conventional operating system. If an attacker compromises any module of a trusted program running on such a system, the attacker inherits the full privileges of that program and can perform arbitrary operations on the system. If instead the program runs on a privilege-aware operating system, it can invoke system calls to explicitly manage the privileges of its own modules, and so limit what an attacker who compromises one module can do. The developers of privilege-aware systems have rewritten complex programs to invoke such system calls and satisfy strong security properties. However, these systems have not been adopted by developers outside each system's own development community. Moreover, even the systems' own developers often write programs for their system that they believe to be correct, only to discover later through testing that the rewritten program is insecure or no longer provides the functionality of the original.
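The "acquire, then restrict" discipline that privilege-aware systems make possible, shown here as an added example that is not code from the talk, from a policy weaver, or from any particular privilege-aware operating system. The abstract does not name the system calls involved, so this illustration stands in for them with portable POSIX facilities: the parent opens the one file a module legitimately needs, forks, and the child lowers RLIMIT_NOFILE to zero before the (hypothetically attacker-controlled) module runs, so the module can still use the descriptor it was handed but cannot open anything else. The file names, the `untrusted_parser` module and the `demo` harness are assumptions made for this example.

```python
# Added example: the acquire-then-restrict pattern behind privilege-aware
# systems, using only portable POSIX calls (fork, pipe, setrlimit) as a
# stand-in for the system-specific privilege-management calls the talk
# abstract refers to.  Names, paths and the "untrusted_parser" module are
# assumptions made for this illustration, not code from the talk.
import os
import resource
import tempfile

# Constructed sample input the module is allowed to read.
DATA = b"input for the parser\n"


def restrict_module_privileges():
    """Give up the ability to create new file descriptors.

    Lowering RLIMIT_NOFILE to 0 needs no privilege.  Descriptors already
    open keep working, so the module retains exactly the resources it was
    handed and no more.  Only a process holding CAP_SYS_RESOURCE (e.g.
    root) can raise the hard limit again afterwards.
    """
    resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))


def restriction_is_irreversible():
    """Return True if an attempt to raise the limit back is refused."""
    try:
        resource.setrlimit(resource.RLIMIT_NOFILE, (64, 64))
    except (ValueError, OSError):
        return True
    return False


def untrusted_parser(fd, secret_path):
    """Stand-in for a module an attacker may compromise.

    Does its legitimate job (reads the data it was handed) and then does
    what compromised code would do: tries to open an unrelated secret.
    Returns (bytes_read, escaped); escaped is True if the open succeeded.
    """
    data = os.read(fd, 4096)
    try:
        extra = os.open(secret_path, os.O_RDONLY)
    except OSError:
        return len(data), False
    os.close(extra)
    return len(data), True


def run_module(data_path, secret_path, confine):
    """Run untrusted_parser in a child process.

    With confine=True the parent opens data_path first, then the child
    drops its privileges *before* the module runs (the order matters:
    acquire, then restrict).  With confine=False the child keeps the
    ambient authority of a conventional OS process.
    Returns (bytes_read, escaped, irreversible).
    """
    fd = os.open(data_path, os.O_RDONLY)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the module's confinement boundary
        os.close(r)
        irreversible = False
        if confine:
            restrict_module_privileges()
            irreversible = restriction_is_irreversible()
        n, escaped = untrusted_parser(fd, secret_path)
        os.write(w, f"{n} {int(escaped)} {int(irreversible)}".encode())
        os._exit(0)
    os.close(w)
    os.close(fd)
    chunks = []
    while True:
        chunk = os.read(r, 64)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(r)
    os.waitpid(pid, 0)
    n, escaped, irreversible = b"".join(chunks).split()
    return int(n), bool(int(escaped)), bool(int(irreversible))


def demo():
    """Compare the two runs on constructed files; returns both results."""
    with tempfile.TemporaryDirectory() as d:
        data_path = os.path.join(d, "input.txt")
        secret_path = os.path.join(d, "secret.key")
        with open(data_path, "wb") as f:
            f.write(DATA)
        with open(secret_path, "wb") as f:
            f.write(b"constructed secret, not real key material\n")
        return {
            "conventional": run_module(data_path, secret_path, confine=False),
            "privilege_aware": run_module(data_path, secret_path, confine=True),
        }


if __name__ == "__main__":
    for name, (n, escaped, irreversible) in demo().items():
        print(f"{name}: read {n} bytes, escaped={escaped}, "
              f"irreversible={irreversible}")
```

In the unconfined run the compromised module reads its input and also opens the secret; in the confined run it reads the same input but the extra open fails with EMFILE. Two caveats a practitioner should notice: the restriction only protects resources the module did not already hold, so every descriptor must be acquired before the drop (getting that ordering right throughout a large program is exactly the rewriting burden the abstract describes), and a process with CAP_SYS_RESOURCE can raise the limit again, which is why a real privilege-aware system supplies a kernel-enforced mode rather than a resource limit.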

In this talk, Dr. Jha will examine the challenges in rewriting programs for privilege-aware systems and present a tool, called a policy weaver, that performs such rewriting automatically.