Study level

  • PhD
  • Master of Philosophy

Faculty/School

Faculty of Science

School of Computer Science

Topic status

We're looking for students to study this topic.

Supervisors

Dr Yi Lu
Position
Senior Lecturer in Cybersecurity
Division / Faculty
Faculty of Science

Overview

Securing the information manipulated by computer systems, such as the privacy and integrity of data in social software, is a challenge. Traditional methods for limiting information disclosure, such as access control lists, firewalls, and cryptography, provide no guarantees about how information propagates once access has been granted. For instance, cryptography provides no guarantees about the confidentiality of data once it has been decrypted.

Information flow control (IFC) is the problem of ensuring that information flows within a computer system only as specified by a security policy. Modern applications are composed of reusable software components from different sources. Untrusted code (e.g. components downloaded from the Internet) may be executed in the same process, alongside sensitive system code. Traditional IFC approaches follow a classical lattice model and allow a developer to specify and track def-site, component-specific security requirements at the granularity of program variables using a transitive security policy. In contrast, recent work on nontransitive IFC assumes no transitivity of the underlying security policies and is a natural fit for coarse-grained specification of use-site, application-specific security requirements. Instead of trusting developer-provided security policies, users (such as application developers, builders or deployers who use the downloaded components to build applications) must specify security policies to protect sensitive system components from untrusted code.

However, these two types of security policies are disjoint, so component-specific and application-specific security requirements may not match. In this project, we will explore new security policies that unify fine-grained and coarse-grained security specifications to connect def-site and use-site security requirements from both the developer and the application. This enables us to reason directly about both the intent and the extent of information flows in a program, and to provide a system-wide security guarantee about privacy and integrity.
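The following is an added illustration, not code from this project or its supervisor, of the transitive versus nontransitive distinction described above. It tracks provenance labels through a small constructed program with three components (the names `db`, `app` and `net`, the use-site policy edges and the program itself are all assumptions made for the example). The same "may flow to" relation is checked twice: once closed under transitivity, as a classical lattice ordering would be, and once taken literally, as a nontransitive policy is. Unifying the two kinds of policy, which is the project's goal, is not attempted here.

```python
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Edge = Tuple[str, str]

# Constructed example components (assumption, not from the page): "db" holds
# sensitive system data, "app" is the application builder's own code, and
# "net" is a downloaded third-party module.
COMPONENTS = ("db", "app", "net")

# Use-site policy written by the application builder as explicit
# "may flow to" edges. Only db -> app and app -> net are permitted;
# db -> net is deliberately absent.
POLICY: Set[Edge] = {("db", "app"), ("app", "net")}


def transitive_closure(edges: Set[Edge]) -> Set[Edge]:
    """Close an allowed-flow relation under transitivity (the classical lattice reading)."""
    closure = set(edges)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(closure), repeat=2):
            if b == c and (a, d) not in closure:
                closure.add((a, d))
                changed = True
    return closure


def make_checker(edges: Set[Edge]) -> Callable[[str, str], bool]:
    """Return may_flow(src, dst) for a relation; flows within one component are always allowed."""
    return lambda src, dst: src == dst or (src, dst) in edges


# A program is a list of assignments (component, target_var, source_vars).
# An empty source list means the component produces fresh data of its own.
Assignment = Tuple[str, str, List[str]]

PROGRAM: List[Assignment] = [
    ("db",  "secret",  []),          # db creates sensitive data
    ("app", "x",       ["secret"]),  # app reads it: db -> app
    ("app", "cfg",     []),          # app's own, non-sensitive data
    ("net", "payload", ["cfg"]),     # app -> net, permitted
    ("net", "leak",    ["x"]),       # db data reaches net indirectly via app
]


def check_program(program: List[Assignment],
                  may_flow: Callable[[str, str], bool]) -> List[str]:
    """Propagate provenance labels through the program and report violations.

    Each variable carries the set of components whose data influenced it
    (label join = set union). A component may hold a value only if every
    component in that value's provenance is allowed to flow to it."""
    labels: Dict[str, FrozenSet[str]] = {}
    violations: List[str] = []
    for component, target, sources in program:
        prov: FrozenSet[str] = frozenset({component})
        for s in sources:
            prov |= labels[s]
        labels[target] = prov
        for origin in sorted(prov):
            if not may_flow(origin, component):
                violations.append(f"{origin} -> {component} via {target}")
    return violations


def classical_violations(program: List[Assignment] = PROGRAM) -> List[str]:
    # Transitive (lattice) reading: db -> app and app -> net imply db -> net,
    # so the indirect flow into "leak" is accepted.
    return check_program(program, make_checker(transitive_closure(POLICY)))


def nontransitive_violations(program: List[Assignment] = PROGRAM) -> List[str]:
    # Nontransitive reading: only the explicitly written edges count, so the
    # same indirect flow is rejected.
    return check_program(program, make_checker(POLICY))


if __name__ == "__main__":
    print("classical:     ", classical_violations())
    print("nontransitive: ", nontransitive_violations())
```

Under the transitive reading the program is accepted, because `db -> app` and `app -> net` together imply `db -> net`. Under the nontransitive reading the final assignment is flagged, because the builder never wrote a `db -> net` edge; this is the coarse-grained, use-site guarantee the Overview attributes to nontransitive IFC, and it is exactly the kind of flow that a developer-provided, variable-level lattice policy cannot express on the builder's behalf.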

Research activities

  • Explore new types of security policies for large-scale component-based software.
  • Investigate state-of-the-art security analysis techniques for IFC.
  • Implement a prototype that uses static or dynamic analysis techniques to enforce the new security policies.
  • Experiment with the prototype and evaluate various security policies in some novel applications such as tracking interactions with untrusted third-party modules, customer-deployed microservices or downloaded mobile apps.

Outcomes

  • New types of security policies for modern component-based software.
  • A security analysis prototype for enforcing the new security policies.

Skills and experience

  • Solid background in computer science
  • Programming experience in languages like Python or Java
  • GPA > 5.5

Scholarships

You may be eligible to apply for a research scholarship.

Contact

Contact the supervisor for more information.