Seminars & Colloquia

Vinod Ganapathy

Department of Computer Science, University of Wisconsin

"Retrofitting Legacy Code for Security"

Friday March 30, 2007 10:00 AM
Location: 3-211, EB II NCSU Centennial Campus

Abstract: For over three decades, we have been taught the Principle of Design for Security: to create a secure system, design it to be secure from the ground up. To date, however, only a small fraction of software developed has followed this principle. Economic pressures and diverse security requirements force developers to focus on functionality and performance. Security mechanisms are typically added only long after deployment, by retrofitting legacy software. Unfortunately, existing techniques to retrofit legacy software for security are manual, time-consuming, and error-prone.

In my talk, I will focus on the problem of retrofitting legacy software with mechanisms for authorization policy enforcement. A developer faced with the task of adding authorization checks must answer two key questions: (a) what are the security-sensitive operations that must be mediated with authorization checks? and (b) where in the software are these operations performed? I will present program analysis and transformation techniques that reduce the manual effort needed to answer these questions and add authorization checks. The cornerstone of these techniques is a formalism called fingerprints that helps characterize security-sensitive operations. I will present both static and dynamic program analysis techniques to mine fingerprints from legacy software, and show how fingerprints aid in adding authorization checks. Experiments with several real-world software systems show that these techniques can drastically reduce the effort needed to retrofit legacy software with security mechanisms.

Short Bio: Vinod Ganapathy holds a B.Tech in Computer Science and Engineering from IIT Bombay and an MS in Computer Science from the University of Wisconsin-Madison, where he is currently a Ph.D. candidate. His research is in computer security with a current focus on securing legacy software. He is also interested in and has worked on problems in software engineering, program analysis and formal methods.

Host: Douglas Reeves, Computer Science, NCSU

