1. Date: November 9, 2011 Presenter – Munawar Hafiz Assistant Professor, CSSE, Auburn University A Tale of Four Research Ideas

2. It All Starts Here… Slide 1 of 20 Application Developer Five years ago, developers at my company worked hard to design a secure product. But security requirements change so fast these days! Our product is facing a lot of new attacks.

3. Rewrite or Fix ? Slide 2 of 20 Rewrite is infeasible. Fixing a vulnerability is an ad hoc process. “(Security) cannot be added on, it must be designed from the beginning.” [Anderson 72] [A72] J. P. Anderson. Computer security technology planning study. ESD-TR-73-51, Oct 1972.

4. Or Transform ? Security solutions can be added to a software using systematic, general purpose security-oriented program transformations Slide 3 of 20

5. Security Oriented Program Transformation Security solutions can be described as program transformations. [Hafiz, OOPSLA Companion 08] Security Oriented Program Transformation Insecure software Spec for transformation Protected Software Spec for Transformation 2 Slide 4 of 20 [Hafiz 08] M. Hafiz. Security Oriented Program Transformations. OOPSLA Companion 2008.

6. Slide 5 of 20 Example of Program Transformations P1 P2 P3 P4 PwPw Single Access Point Transformation P pol Policy Enforcement Point Transformation P fil Add Perimeter Filter Transformation Safe Library Replacement Transformation P auth Add Authentication Enforcer Transformation

7. Program Transformation Catalog [Hafiz et. al., UIUC Tech Report 2009] Slide 6 of 20 Add Account Lockout Add Audit Interceptor Add Authentication Enforcer Add Authorization Enforcer Add Password Synchronizer Add Perimeter Filter Add Replicated System Add Tandem System Add Standby Checkpointed System chroot Jail Controlled Process Creation Credential Tokenizer Decorated Filter Encryption/Decryption Error Message Suppressor Exception Shielding Explicit Type Casting Fuzzing Guarded Object Least Privilege Message Caching Message Digest Creation Message Intercepting Gateway Partitioning Policy Enforcement Point Randomization Resource Management Safe Library Replacement Safe Type Replacement Secure Logger Secure Resource Pooling Secure Session Object Signature Generation Single Access Point Single Sign On Delegate Unique Location for Each Write Request [Hafiz Adamczyk Johnson 09] M. Hafiz, P. Adamczyk and R. Johnson. A catalog of security-oriented program transformations. UIUCDCS-R-2009-3031. 2009. https://netfiles.uiuc.edu/mhafiz/www/sopt.pdf

8. Slide 7 of 20 Power Tools

9. Integer Overflow Slide 8 of 20 Integer is a variable that represents a real number without a fractional part Integers are just fixed memory regions An overflow is when the value cannot be represented in the memory Signed Short Variable (16 bits) Signed Integer Variable (32 bits) =

10. Signedness Bug Slide 9 of 20 A signed variable used in an unsigned context and vice versa (Switch to Code Example)

11. Add Integer Cast Program Transformation Slide 10 of 20 Problem You have a program in which arithmetic operations have operands with different types; the end result may contain an unexpected value. Solution Explicitly declare or cast the type of operands so that they are properly handled in an application.

12. Add Integer Cast Program Transformation Slide 11 of 20 Switch to Tool

13. Idea 1: Tools for Program Transformations (for C) Slide 12 of 20 Add Audit Interceptor Add Replicated System Checkpointed System chroot Jail Controlled Process Creation Message Digest Creation Message Intercepting Gateway Partitioning Manually Performing Change Feasibility of Automating Transformation Feasible Costly Easy to Fix Tedious Add Account Lockout Decorated Filter Encryption/Decryption Error Message Suppressor Exception Shielding Explicit Type Casting Fuzzing Guarded Object Randomization Resource Management Safe Library Replacement Safe Type Replacement Secure Logger Signature Generation Single Access Point Unique Location for Each Write Request Add Authentication Enforcer Add Authorization Enforcer Add Password Synchronizer Add Tandem System Add Standby Credential Tokenizer Least Privilege Message Caching Secure Resource Pooling Secure Session Object Single Sign On Delegate Add Perimeter Filter Policy Enforcement Point

14. Under the Hood: Abstract Syntax Tree (AST) Slide 13 of 20 while (b!=0) { if (a>b) { a=a-b; } else { b = b – a; } return a; Wikipedia. Abstract Syntax Tree

15. Idea 2: Program Transformation Infrastructure for C Slide 14 of 20 Two difficulties 1.Handling multiple configurations. 2.Static Analysis

16. Idea 3: Understanding Security Engineering Slide 15 of 20 A Bugs Life Understand the software engineering activities to detect and fix vulnerabilities Empirical Analysis on Malware Datasets Symantec WINE platform NVD and Securityfocus vulnerability list Android and IPhone vulnerabilities

17. Idea 4: Targeting a Modern Language Slide 16 of 20

18. Research Interest Slide 17 of 20 Program analysis and program transformation technologies. Application security and how to make it easy for programmers. Working on real and contemporary problems. Empirical studies to understand software engineering aspects.

19. Research Plan: Graduate Students Slide 18 of 20 Work with motivated students. Start with an independent study. Or evaluate students with my graduate level course. Support after one semester’s evaluation. The standard is very high. This is for your own benefit !

20. Research Plan: Under graduate Students Slide 19 of 20 Work with motivated students. Start with an independent study or with undergraduate research. Hourly support in some projects. Target undergraduate fellowship programs. Help placing students for summer internship. Help students in graduate school applications. The standard remains very high.

21. COMP 7970-003: Program Analysis and Program Transformation for Security Slide 20 of 20 Spring 2012! Sign up for the course !! Read papers. Present papers. Write critiques. Get involved in a project. Theme: Security of C programs. One final exam. No midterm.