InvisiType: Object-Oriented Security Policies

Authors

  • Jiwon Seo
  • Monica S. Lam
Abstract

Many modern software platforms today, including browsers, middle-ware server architectures, cell phone operating systems, web application engines, support third-party software extensions. This paper proposes InvisiType, an object-oriented approach that enables platform developers to efficiently enforce fine-grain safety checks on third-party extensions without requiring their cooperation. This allows us to harness the true power of third-party software by giving it access to sensitive data while ensuring that it does not leak data. In this approach, a platform developer encapsulates all safety checks in a policy class and selectively subjects objects at risk to these policies. The run-time enforces these policies simply by changing the types of these objects dynamically. It uses the virtual method dispatch mechanism to substitute the original methods and operations with code laced with safety checks efficiently. The run-time hides the type changes from the application code so the original code can run unmodified. We have incorporated the notion of InvisiType into the Python language. We have applied the technique to 4 real-world Python web applications totaling 156,000 lines of code. InvisiType policies greatly enhance the security of the web applications, including MoinMoin, a popular, 94,000-line Wiki Engine. MoinMoin has a large number of third-party extensions, which makes security enforcement important. With less than 150 lines of Python code, we found 16 security bugs in MoinMoin. This represents a significant reduction in developers’ effort from a previous proposal, Flume, which required 1,000 lines of C++ code and modifications to 1,000 lines of Python code. Our InvisiType policies successfully found 19 cross-site scripting vulnerabilities and 6 access control errors in total. The overhead of applying the policies is less than 4 percent, indicating that the technique is practical.

General Terms: Security, Design, Programming Language
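The mechanism the abstract describes (a policy class, a dynamic type change on selected objects, and method dispatch that routes unmodified extension code through the checks) can be approximated in stock Python. This is an added sketch, not code from the paper or the InvisiType runtime; `Page`, `AclPolicy`, `promote`, `demote` and `extension_render` are hypothetical names, and the paper's version lives inside the Python runtime rather than in library code.

```python
class PolicyViolation(Exception):
    pass

class Page:
    """Hypothetical platform object that extensions receive."""
    def __init__(self, name, body, readers):
        self.name, self.body, self.readers = name, body, set(readers)
    def get_body(self):
        return self.body

class AclPolicy(Page):
    """Policy class: every safety check lives here, not in Page or in extensions."""
    current_user = None  # assumption: the platform sets this per request
    def get_body(self):
        # Method dispatch lands here once the object's type has been swapped.
        if AclPolicy.current_user not in self.readers:
            raise PolicyViolation(f"{AclPolicy.current_user} may not read {self.name}")
        return Page.get_body(self)
    # Hide the swap from code that inspects obj.__class__.
    # type(obj) still shows the policy class in stock Python.
    __class__ = property(lambda self: Page)

# Raw type setter on object; it bypasses the read-only property above.
_set_type = object.__dict__["__class__"].__set__

def promote(obj, policy):
    """Subject one object to a policy by changing its run-time type."""
    _set_type(obj, policy)

def demote(obj, original):
    """Take the object out of the policy again."""
    _set_type(obj, original)

def extension_render(page):
    """Unmodified third-party code: it knows nothing about policies."""
    return page.get_body().upper()

def demo():
    # Constructed sample data.
    page = Page("Salaries", "constructed sample text", readers={"alice"})
    promote(page, AclPolicy)
    AclPolicy.current_user = "alice"
    allowed = extension_render(page)
    AclPolicy.current_user = "mallory"
    try:
        extension_render(page)
        blocked = False
    except PolicyViolation:
        blocked = True
    return allowed, blocked, page.__class__ is Page

if __name__ == "__main__":
    print(demo())
```

Only the promoted object pays for the check; other `Page` instances keep the original method.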


Similar resources

Software Architectural Alternatives for User Role-Based Security Policies

Security concerned users and organizations must be provided with the means to protect and control access to object-oriented software, especially with an exploding interest in designing/developing object-oriented software in Java, C++, and Ada95. Our user-role based security (URBS) approach has emphasized: a customizable public interface that appears differently at different times for specific user...

Supporting Secure Canonical Upgrade Policies in Multilevel Secure Object Stores

Secure canonical upgrade policies are multilevel relabel policies that, under certain conditions, allow high-level subjects to update low-level security labels. This paper describes a scheme whereby these policies can be supported within the Message Filter Model for multilevel secure object-oriented database management systems.

Capability-Based Primitives for Access Control in Object-Oriented Systems

Access control is the cornerstone of information security and integrity, but the semantic diversity of object models makes it difficult to provide a common foundation for access control in object-oriented systems. This paper presents a primitive capability-based access control architecture that can model a variety of authorization policies for object-oriented systems. The architecture described is...

An Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model

In this paper, a practical method that can be employed to manage security policies using the eXtensible Markup Language (XML) is presented. The method efficiently administrates security policies based on the object oriented role-based access control model (ORBAC). Moreover, an information flow analysis technique is introduced for checking whether or not a created XML-based ORBAC security policy...

Managing Security in Object-based Distributed Systems Using Ponder

Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater fo...


Publication date: 2010