Maintaining Authorization Hook Placements Across Program Versions

Nirupama Talele, Divya Muthukumaran, Frank Capobianco, Trent Jaeger, Gang Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We examine the problem of maintaining security code across program versions. There are now several cases where programmers manually retrofit their programs with security code, such as authorization mechanisms. However, programs evolve, so a challenge for programmers is to determine whether their security code remains correct across multiple versions of the program. The insight of this work is that programmers can use the constraints on the authorization policies that can be enforced in one version of the program to limit their effort in validating authorization hook placements in later versions. We develop a tool we call HEIMDAL to implement this insight, finding that a modest number of authorization constraints require review across several versions of the X window server program.

Original language: English (US)
Title of host publication: Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 67-68
Number of pages: 2
ISBN (Electronic): 9781509055883
State: Published - Feb 1 2017
Event: 2016 IEEE Cybersecurity Development, SecDev 2016 - Boston, United States
Duration: Nov 3 2016 → Nov 4 2016

Publication series

Name: Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016

Other

Other: 2016 IEEE Cybersecurity Development, SecDev 2016
Country: United States
City: Boston
Period: 11/3/16 → 11/4/16

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Talele, N., Muthukumaran, D., Capobianco, F., Jaeger, T., & Tan, G. (2017). Maintaining Authorization Hook Placements Across Program Versions. In Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016 (pp. 67-68). [7839793] (Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SecDev.2016.024