[PASTE logo]

8th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

November 9-10, 2008 (co-located with SIGSOFT FSE 2008)


Invited Talk by Somesh Jha

Retrofitting Legacy Code for Security

Somesh Jha
University of Wisconsin, Madison

For over three decades, we have been taught the Principle of Design for Security—to create a secure system, design it to be secure from the ground up. To date, however, only a small fraction of software developed has followed this principle. Economic pressures and diverse security requirements force developers to focus on functionality and performance. Security mechanisms are typically added only long after deployment, by retrofitting legacy software. Unfortunately, existing techniques to retrofit legacy software for security are manual, time-consuming, and error-prone. In my talk, I will focus on the problem of retrofitting legacy software with mechanisms for authorization policy enforcement. A developer faced with the task of adding authorization checks must answer two key questions:

I will present program analysis and transformation techniques that reduce the manual effort needed to answer these questions and add authorization checks. The cornerstone of these techniques is a formalism called fingerprints that helps characterize security-sensitive operations. I will present both static and dynamic program analysis techniques to mine fingerprints from legacy software, and show how fingerprints aid in adding authorization checks. Experiments with several real-world software systems show that these techniques can drastically reduce the effort needed to retrofit legacy software with security mechanisms.

Bio Sketch

Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is an Associate Professor in the Computer Sciences Department at the University of Wisconsin (Madison). His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and combating malicious code. Recently he has become interested in privacy-preserving protocols.