Polyglot: An Extensible Compiler Framework for Java Nathaniel Nystrom, Michael R. Clarkson, and Andrew C. Myers Presentation by Aaron Kimball & Ben Lerner.

Presentation transcript:

Polyglot: An Extensible Compiler Framework for Java Nathaniel Nystrom, Michael R. Clarkson, and Andrew C. Myers Presentation by Aaron Kimball & Ben Lerner

Purpose of Polyglot
- Allow easy extensions to the Java language
- Security
- Support new language designs
- Optimization, static analysis
- Instructional uses

Polyglot Architecture
- The Polyglot base is a static checker for Java source code
- Extensions add AST components and compiler passes
- The size of the extension code is proportional to the complexity of the changes
- Extended-language source code is parsed and reduced to a Java AST, which is output as .java files
- javac then compiles these to the final bytecode form

Grammars & Passes
- The “PPG” parser generator is used; it provides grammar inheritance
- Passes perform static analysis, type checking, and compilation steps; they run in a “scheduled” work queue
- AST rewriting is entirely functional

Example: Coffer

```
tracked(F) class FileReader {
    FileReader(File f) [] -> [F] throws IOException[] { ... }
    int read()         [F] -> [F] throws IOException[F] { ... }
    void close()       [F] -> []  { ...; free this; }
}
```

The language includes annotations on functions to enforce linear use of “capability keys”; the “free” statement destroys the capability key for an object.

Extensions & Delegates
- Simple subclassing does not provide rich-enough object extension; code duplication still happens
- Extension objects allow additional methods to be attached to a node
- Delegate objects allow overriding of existing methods using user-defined dispatch protocols
- The goal is “mixin extensibility”

Additional Notes & Results
- Separate compilation through serialized class data
- A qualitative measure of “code required” vs. “departure from Java” demonstrates that simple language changes require simple compiler changes
- Many languages (PolyJ, JMatch, others) have been implemented in Polyglot... including Jif!

Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers Presentation by Aaron Kimball & Ben Lerner

Purpose of Program Partitioning (PpoPP?)
- Run programs securely on trusted hosts
- Hard parts: not everyone trusts every host; not everyone trusts each other
- How to ensure security is preserved?

Technical Terms
- Principal: a person, machine, or entity
- Authority: a set of principals who can perform some action
- Confidentiality: data isn’t leaked to principals who shouldn’t see it
- Integrity: data isn’t modified by principals who shouldn’t do so

Security Labels
- Labels look like
- Data are tagged by labels
- Each owner o specifies a set of allowed readers
- A principal can read data only if all owners permit it
- More owners → more restrictive policy

Confidentiality vs. Integrity
- Integrity constraints look like {?:r}
- Data has no owner, but is trusted by r
- Confidentiality: the owner trusts readers not to do something bad
- Integrity: the reader trusts the owner hasn’t done something bad

Side channels
- if (b_secret) then x = true else x = false
- This leaks the secret data!
- The security label is restricted at every p.c.

Example: Oblivious transfer
- Variables are only accessible by Alice
- Assignment is ok because of the authority clause
- Endorse lets Alice blindly trust Bob’s data
- Declassify lets Bob read Alice’s data

```
public class OTExample {
    int{Alice:; ?:Alice} m1;
    int{Alice:; ?:Alice} m2;
    boolean{Alice:; ?:Alice} isAccessed;

    int{Bob:} transfer{?:Alice} (int{Bob:} n)
        where authority(Alice)
    {
        int tmp1 = m1;
        int tmp2 = m2;
        if (!isAccessed) {
            isAccessed = true;
            if (endorse(n, {?:Alice}) == 1)
                return declassify(tmp1, {Bob:});
            else
                return declassify(tmp2, {Bob:});
        }
        return 0;
    }
}
```

How to split
- Each machine carries some security label
- All data carries some label
- “Just” split the computations such that Label(f) <= Label(host)
- The host must be at least as confidential as the data, and have at most as much integrity as the data
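As an added example (not code from the slides, the paper, or the Jif/Polyglot code base), the following Python models the confidentiality part of the labels described on the Security Labels and How to split slides: per-owner reader policies, the rule that every owner must permit a reader, the join that makes a label with more owners stricter, and the Label(f) <= Label(host) placement check. The `{owner: readers; ...}` text syntax and the function names are my own constructed conventions, and the integrity component `{?:r}` is deliberately not modelled.

```python
from typing import Dict, FrozenSet

# A confidentiality label maps each owner to the readers that owner permits.
# Owners implicitly read their own data; a label with no owners is public.
Label = Dict[str, FrozenSet[str]]

def parse_label(spec: str) -> Label:
    """Parse '{Alice: Bob, Carol; Bob: Alice}' into a Label.
    The text syntax is a constructed stand-in for the slide's notation."""
    body = spec.strip()
    assert body.startswith("{") and body.endswith("}"), spec
    out: Label = {}
    for policy in body[1:-1].split(";"):
        if not policy.strip():
            continue
        owner, _, readers = policy.partition(":")
        owner = owner.strip()
        allowed = {r.strip() for r in readers.split(",") if r.strip()}
        out[owner] = frozenset(allowed | {owner})
    return out

def can_read(lab: Label, principal: str) -> bool:
    """A principal may read only if every owner's policy permits it."""
    return all(principal in allowed for allowed in lab.values())

def join(a: Label, b: Label) -> Label:
    """Label of data derived from both a and b: keep every owner's policy,
    and where an owner appears in both, keep only the readers both allow.
    Adding owners can only shrink the effective reader set, which is why
    more owners means a more restrictive policy."""
    out: Label = dict(a)
    for owner, allowed in b.items():
        out[owner] = allowed if owner not in out else out[owner] & allowed
    return out

def leq(a: Label, b: Label) -> bool:
    """a <= b: b is at least as restrictive as a, so data labelled a may
    flow to a place labelled b. Every owner of a must also own b, and b
    must not let that owner's data reach a reader a excludes."""
    return all(owner in b and b[owner] <= allowed
               for owner, allowed in a.items())

def may_place_on_host(field: Label, host: Label) -> bool:
    """Confidentiality half of the partitioner's Label(f) <= Label(host)
    check: the host must be trusted with everything the field label
    protects. (The integrity half, {?:r}, is not modelled here.)"""
    return leq(field, host)
```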

Interesting bits: ICS
- Within a single host, security is easy to check
- Integrity Control Stack: security across hosts
- Deep stack → many data dependencies → lower data integrity → less trusted data
- Stack policies are enforced with nonce capabilities

Interesting bits: Label inference
- Type checking is extended to infer labels for all data and constraints for all flows
- …where Polyglot is useful

Future work
- Adding more interesting security relations: “Alice Actsfor Bob”
- Dynamically generated labels – hard to split!
- …label polymorphism