Retrofitting Legacy Code for Security
Abstract
Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure.
Similar resources
Retrofitting Legacy Code for Authorization Policy Enforcement
Researchers have long argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Unfortunately, existing techniques to do so are manual and ad hoc, and often ...
Assurance for Defense in Depth via Retrofitting
The computer security community has long advocated defense in depth, the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in practice, and software often ships with inadequate defenses, typically developed in an ad hoc fashion. Currently, programmers reason about security manually and lack tools to validate assurance...
Retrofitting Security into a Web-Based Information System
Security is an extremely important issue in the development of distributed systems. This applies in particular to Web-based systems, which communicate over an open network. Failures of security mechanisms may cause very high damage with financial and legal implications. Security concerns, both on the part of enterprises and consumers, are one of the major reasons why new technologies such as E-...
Reassembleable Disassembling
Reverse engineering has many important applications in computer security, one of which is retrofitting software for safety and security hardening when source code is not available. By surveying available commercial and academic reverse engineering tools, we surprisingly found that no existing tool is able to disassemble executable binaries into assembly code that can be correctly assembled back...
Poster: User Request as a means to Automate Authorization Hook Placement
We consider the problem of retrofitting legacy software with mechanisms for authorization policy enforcement. This is an important problem for operating systems, middleware and server applications (jointly, servers), which manage resources for and provide services to multiple, mutually-distrusting clients. Such servers must ensure that when a subject requests to perform a security-sensitive ope...