Tabasco
A Static Security Checking Tool for Python
Group 5
Yu Lin
Yiting Nan
Mike Smoot
Jianrong Zhang
5/1/2000
CS655: Programming Languages
1
Example Goes First
#!/usr/cs/contrib/bin/python
import os
name = raw_input("Please enter your first name: ")
command = '/bin/echo ' + name
os.system(command)
OOPS!!!
Let name be: "homer; rm -rf /*"
Motivation
Design Goal:
Used by programmers to check their programs for potential security risks.
Design Principles:
• Flexible
• Standalone
• Static checking
• Report potential security violations.
Related Work
Solution
• How? Check security information flow!
• Security type environment
• Security policy
– Defines insecure function calls
– Configurable by the user: flexibility!
• Type checking rules vs. Environment updating rules
Type Checking Rules
true
--------------------- [literal]
A |- literal: secure

true
-------------------------------- [input]
A |- raw_input(S): insecure

A |- ExpA: insecure  A |- ExpB: insecure
oper  {+,-,*,/,%,**,|,^,&,<<,>>,<,==,<=,>=,!=}
----------------------------------------------------------------- [expr]
A |- (ExpA oper ExpB): insecure
Type Checking: Function Calls
A |- arg1: secure  ...  A |- argn: secure
------------------------------------------------- [secure-fun]
A |- fun(arg1,...,argn): secure

A |- arg1: insecure  ....  A |- argn: insecure
A |- fun is allowed
----------------------------------------------------- [insecure-fun]
A |- fun(arg1,...,argn): insecure
Environment Updating Rules
var = Expression
--------------------------------------------------------------------[assign]
A{var = Expression} A[var  typeof(A, Expression)]
Also:
• [if-else] rule
• [while] rule
• [for] rule
If-Else Rule
# z: insecure
if z < 1:
    x = "Hello!"   # x: secure
else:
    x = z          # x: insecure
Is x secure or insecure after this statement?
A {S1} A1
A {S2} A2
------------------------------------------------- [if-else]
A{ if exp1: S1 else: S2} A1 A2
What is A1 A2?
(A1A2) |- var: secure iff A1|-var: secure and A2|-var: secure
Implementation
• Lex + Yacc
• Use symbol table to keep track of variables and their security information
• Construct parse trees to propagate security information
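The rules from the preceding slides, as an added example that is not Tabasco's own code: a small checker that uses Python 3's ast module in place of Lex + Yacc and a dict as the symbol table. The POLICY set, the helper names join, check and analyze, and reading [expr] as "insecure if any operand is insecure" are assumptions; the [while] and [for] rules are not covered.

```python
import ast
SECURE, INSECURE = "secure", "insecure"
SOURCES = {"raw_input"}  # [input]: what these calls return is insecure
POLICY = {"os.system"}   # assumed user policy: calls that must not get insecure data

def typeof(env, node, findings):
    """Type checking rules: security type of an expression under environment env."""
    if isinstance(node, ast.Constant):                    # [literal]
        return SECURE
    if isinstance(node, ast.Name):                        # look up the symbol table
        return env.get(node.id, SECURE)
    if isinstance(node, (ast.BinOp, ast.Compare)):        # [expr], assumed: any operand
        kids = [c for c in ast.iter_child_nodes(node) if isinstance(c, ast.expr)]
        return INSECURE if INSECURE in [typeof(env, k, findings) for k in kids] else SECURE
    if isinstance(node, ast.Call):
        name = ast.unparse(node.func)
        if name in SOURCES:
            return INSECURE
        args = [typeof(env, a, findings) for a in node.args]
        if INSECURE in args and name in POLICY:           # not allowed by policy: report
            findings.append((node.lineno, name))
        return INSECURE if INSECURE in args else SECURE   # [insecure-fun] / [secure-fun]
    return INSECURE  # conservative default for expression forms not handled here

def join(a, b):
    """[if-else] merge: a variable is secure only if it is secure in both branches."""
    return {v: SECURE if a.get(v, SECURE) == b.get(v, SECURE) == SECURE else INSECURE
            for v in a.keys() | b.keys()}

def check(stmts, env, findings):
    """Environment updating rules: return the environment after the statements."""
    for s in stmts:
        if isinstance(s, ast.Assign):                     # [assign]
            t = typeof(env, s.value, findings)
            env = {**env, **{n.id: t for n in s.targets if isinstance(n, ast.Name)}}
        elif isinstance(s, ast.If):                       # [if-else]
            typeof(env, s.test, findings)
            env = join(check(s.body, env, findings), check(s.orelse, env, findings))
        elif isinstance(s, ast.Expr):                     # bare call statement
            typeof(env, s.value, findings)
    return env

def analyze(source):
    findings = []  # (line number, function name) for each policy violation
    return check(ast.parse(source).body, {}, findings), findings

# Constructed input: the example program from the slides (only parsed, never executed).
EXAMPLE = ("import os\nname = raw_input('Please enter your first name: ')\n"
           "command = '/bin/echo ' + name\nos.system(command)\n")
```

Calling analyze(EXAMPLE) returns the final environment together with the list of flagged calls.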
Implementation (cont)
[Figure: parse tree for cmd = 'bin/echo' + name, with stmt, expr and term nodes; the assign rule is applied at "=" and the expr rule at "+".]
Evaluation
• Our Goal
– Tested against many simple programs
– All succeeded
• Real World
– Not yet
– Need complete grammar
Conclusion
• Succeeded in meeting our design goals (Standalone, Flexible, Conservative)
• Can be used to help programmers find potential security flaws
• Can be used to help train programmers to be more aware of security threats.
Make programming SPICY!