Toward More Composable Software-Security Policies: Tools and Techniques
Lomsak, Daniel, 01 January 2013
Complex software-security policies are difficult to specify, understand, and update. The
same is true for complex software in general, but while many tools and techniques exist
for decomposing complex general software into simpler reusable modules (packages, classes,
functions, aspects, etc.), few tools exist for decomposing complex security policies into simpler
reusable modules. The tools that do exist for modularizing policies either encapsulate
entire policies as atomic modules that cannot be decomposed or allow fine-grained policy
modularization but require expertise to use correctly.
This dissertation presents a policy-composition tool called PoliSeer [27, 26] and the
PoCo policy-composition software-security language. PoliSeer is a GUI-based tool designed
to enable users who are not expert policy engineers to flexibly specify, visualize, modify,
and enforce complex runtime policies on untrusted software. PoliSeer users rely on expert
policy engineers to specify universally composable policy modules; PoliSeer users then build
complex policies by composing those expert-written modules. This dissertation describes
the design and implementation of PoliSeer and a case study in which we have used PoliSeer
to specify and enforce a policy on PoliSeer itself.
PoCo is a language for specifying composable software-security policies. PoCo users
specify software-security policies in terms of abstract input-output event sequences. The
policy outputs are expressive, capable of describing all desired, irrelevant, and prohibited
events at once. These descriptive outputs compose well: operations for combining them
satisfy a large number of algebraic properties, which allows policy hierarchies to be designed
more simply and naturally. We demonstrate PoCo's capability via a case study in which a
sophisticated policy is implemented in PoCo.
Modularizing Crosscutting Concerns in Software
Saigal, Nalin, 01 January 2011
Code modularization provides benefits throughout the software life cycle; however, the presence of crosscutting concerns (CCCs) in software hinders its complete modularization. Traditional modularization techniques work well under the assumption that code being modularized is functionally orthogonal to the rest of the code; as a result, software engineers try to separate code segments that are orthogonal in their functionality into distinct modules. However, in practice, software does not decompose neatly into modules with distinct, orthogonal functionality. In this thesis, we investigate the modularization of CCCs in software using two different techniques.
Firstly, we discuss IVCon, a GUI-based tool that provides a novel approach to the modularization of CCCs. We have designed IVCon to capture the multi-concern nature of code. IVCon enables users to create, examine, and modify their code in two different views, the woven view and the unwoven view. The woven view displays program code in colors that indicate which CCCs various code segments implement, while the unwoven view displays code in two panels, one showing the core of the program and the other showing all the code implementing each concern in an isolated module. IVCon aims to provide an easy-to-use interface for conveniently creating, examining, and modifying code in, and translating between, the woven and unwoven views.
Secondly, we discuss LoPSiL, which is a location-based policy-specification language. LoPSiL is Turing-complete and provides users with language constructs that enable them to manipulate location information; hence, LoPSiL can be used to specify and enforce generic policies that might involve location-based constraints. We have implemented a LoPSiL compiler using AspectJ, and we observe and discuss how the use of traditional units of modularization---aspects in this case---helps modularize functionally orthogonal CCCs such as security and auditing.