Tabasco
A Static Security Checking Tool for Python
Group 5: Yu Lin, Yiting Nan, Mike Smoot, Jianrong Zhang
5/1/2000, CS655: Programming Languages

Example Goes First

    #!/usr/cs/contrib/bin/python
    import os
    name = raw_input("Please enter your first name: ")
    command = '/bin/echo ' + name
    os.system(command)

OOPS!!! Let name be: "homer; rm -rf /*"

Motivation
Design Goal: Used by programmers to check their programs for potential security risks.
Design Principles:
• Flexible
• Standalone
• Static checking
• Report potential security violations.

Related Work

Solution
• How? Check security information flow!
• Security type environment
• Security policy
  – Defines insecure function calls
  – Configurable by the user: flexibility!
• Type checking rules vs. Environment updating rules

Type Checking Rules

    true
    --------------------- [literal]
    A |- literal: secure

    true
    -------------------------------- [input]
    A |- raw_input(S): insecure

    A |- ExpA: insecure    A |- ExpB: insecure    oper {+,-,*,/,%,**,|,^,&,<<,>>,<,==,<=,>=,!=}
    ----------------------------------------------------------------- [expr]
    A |- (ExpA oper ExpB): insecure

Type Checking: Function Calls

    A |- arg1: secure ... A |- argn: secure
    ------------------------------------------------- [secure-fun]
    A |- fun(arg1,...,argn): secure

    A |- arg1: insecure .... A |- argn: insecure    A |- fun is allowed
    ----------------------------------------------------- [insecure-fun]
    A |- fun(arg1,...,argn): insecure

Environment Updating Rules

    var = Expression
    -------------------------------------------------------------------- [assign]
    A{var = Expression} A[var typeof(A, Expression)]

Also:
• [if-else] rule
• [while] rule
• [for] rule

If-Else Rule

    # z: insecure
    if z < 1:
        x = "Hello!"    # x: secure
    else:
        x = z           # x: insecure

Is x secure or insecure after this statement?

    A {S1} A1    A {S2} A2
    ------------------------------------------------- [if-else]
    A{ if exp1: S1 else: S2} A1 A2

What is A1 A2?
(A1A2) |- var: secure iff A1 |- var: secure and A2 |- var: secure

Implementation
• Lex + Yacc
• Use symbol table to keep track of variables and their security information
• Construct parse trees to propagate security information

Implementation (cont)
[Figure: parse tree for the statement cmd = ‘bin/echo’ + name, with stmt, expr and term nodes annotated with the assign rule and the expr rule]

Evaluation
• Our Goal
  – Tested against many simple programs
  – All succeeded
• Real World
  – Not yet
  – Need complete grammar

Conclusion
• Succeeded in meeting our design goals (Standalone, Flexible, Conservative)
• Can be used to help programmers find potential security flaws
• Can be used to help train programmers to be more aware of security threats.
Make programming SPICY!
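
The rules on the slides can be tried out with a small checker built on Python's ast module. This is an added example, not Tabasco's code (the slides describe a Lex + Yacc implementation). Assumptions: the policy holds a single entry, os.system; an expression counts as insecure when any operand is insecure; unknown names are treated as insecure; the [while] and [for] rules are left out.

```python
import ast

SECURE, INSECURE = "secure", "insecure"
SOURCES = {"raw_input"}   # [input] rule: calls whose result is insecure
POLICY = {"os.system"}    # assumed policy entry: flagged when given insecure data

def typeof(env, node):  # security type of an expression under environment env
    if isinstance(node, ast.Constant):                  # [literal]
        return SECURE
    if isinstance(node, ast.Name):                      # unknown names: conservative
        return env.get(node.id, INSECURE)
    if isinstance(node, ast.Call):
        if ast.unparse(node.func) in SOURCES:           # [input]
            return INSECURE
        parts = node.args                               # [secure-fun] / [insecure-fun]
    else:                                               # [expr], read conservatively
        parts = [c for c in ast.iter_child_nodes(node) if isinstance(c, ast.expr)]
    return INSECURE if any(typeof(env, p) == INSECURE for p in parts) else SECURE

def join(a, b):  # [if-else] merge: secure only if secure in both branches
    return {v: SECURE if a.get(v) == SECURE and b.get(v) == SECURE else INSECURE
            for v in set(a) | set(b)}

def scan(expr, env, findings):  # record policy calls that receive insecure arguments
    for n in ast.walk(expr):
        if (isinstance(n, ast.Call) and ast.unparse(n.func) in POLICY
                and any(typeof(env, a) == INSECURE for a in n.args)):
            findings.append((n.lineno, ast.unparse(n)))

def check(stmts, env, findings):  # environment updating rules, statement by statement
    for s in stmts:
        if isinstance(s, ast.If):
            scan(s.test, env, findings)
            env = join(check(s.body, dict(env), findings),
                       check(s.orelse, dict(env), findings))
        elif isinstance(s, (ast.Assign, ast.Expr)):
            scan(s.value, env, findings)
            if isinstance(s, ast.Assign):               # [assign]
                kind = typeof(env, s.value)
                env.update({t.id: kind for t in s.targets if isinstance(t, ast.Name)})
    return env

# The page's opening example, embedded as data: it is parsed, never executed.
SAMPLE = ('import os\nname = raw_input("Please enter your first name: ")\n'
          "command = '/bin/echo ' + name\nos.system(command)\n")

def analyze(source):
    findings = []
    return check(ast.parse(source).body, {}, findings), findings
```

Calling analyze(SAMPLE) returns the final security environment together with a list of (line, call) findings; ast.unparse requires Python 3.9 or later.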