Download: PDF.

“Automating Security Mediation Placement” by David H. King, Susmit Jha, Divya Muthukumaran, Trent Jaeger, Somesh Jha, and Sanjit Seshia. In Proceedings of the 19th European Symposium on Programming (ESOP '10), 2010, pp. 327-344.

Abstract

We present a framework that automatically produces resolution placement suggestions for type errors in security-typed programs, enabling legacy code to be retrofit with comprehensive security policy mediation. Resolving such type errors requires selecting a placement of mediation statements that implement runtime security decisions, such as declassifiers and authorization checks. Manually placing mediation statements in legacy code can be difficult, as there may be several, interacting type errors. In this paper, we solve this problem by constructing a graph that has the property that a vertex cut is equivalent to the points at which mediation statements can be inserted to allow the program to satisfy the type system. We build a framework that produces suggestions that are minimum cuts of this graph, and the framework can be customized to find suggestions that satisfy programmer requirements. Our framework implementation for Java programs computes suggestions for 20,000 line programs in less than 100 seconds, reduces the number of locations a programmer must consider by 90%, and selects suggestions similar to those proposed by expert programmers 80% of the time.

BibTeX entry:

@inproceedings{esop10-king,
   author = {David H. King and Susmit Jha and Divya Muthukumaran and Trent
	Jaeger and Somesh Jha and Sanjit Seshia},
   title = {Automating Security Mediation Placement},
   booktitle = {Proceedings of the 19th European Symposium on Programming
	(ESOP '10)},
   pages = {327-344},
   year = {2010}
}
