A security policy oracle: Detecting security holes using multiple API implementations

Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

Volumn , Issue , 2011, Pages 343-354

  Srivastava, Varun ^a   Bond, Michael D ^b   McKinley, Kathryn S ^c   Shmatikov, Vitaly ^c  

^a YAHOO INC   (United States)

^b OHIO STATE UNIVERSITY   (United States)

^c UNIVERSITY OF TEXAS AT AUSTIN   (United States)

Author keywords

access control; authorization; java class libraries; security; static analysis

Indexed keywords

APPLICATION PROGRAMMING INTERFACES (API); AUTHORIZATION; JAVA PROGRAMMING LANGUAGE; LIBRARIES; NETWORK SECURITY; PROGRAM DEBUGGING; SECURITY SYSTEMS;

CONTEXT-SENSITIVE ANALYSIS; ENTRY POINT; FLOW-SENSITIVE ANALYSIS; JAVA CLASS LIBRARY; JAVA LIBRARY; SECURITY; SECURITY CHECKS; SECURITY HOLES; SECURITY POLICY; STATIC VERIFICATION;

STATIC ANALYSIS;

EID: 79959910753     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1993498.1993539     Document Type: Conference Paper

References (39)

1. Amazon. Amazon Web Services. http://aws.amazon.com/.
2. G. Ammons, R. Bodík, and J. R. Larus. Mining specifications. In ACM Symposium on the Principles of Programming Languages, pages 4-16, 2002.
3. B. S. Baker. On finding duplication and near-duplication in large software systems. In IEEE Working Conference on Reverse Engineering, pages 86-95, 1995.
4. T. Ball and S. K. Rajamani. The SLAM project: Debugging system software via static analysis. In ACM Symposium on the Principles of Programming Languages, pages 1-3, 2002.
5. T. Ball, E. Bounimova, B. Cook, V. Levin, J. Lichtenberg, C. McGarvey, B. Ondrusek, S. K. Rajamani, and A. Ustuner. Thorough static analysis of device drivers. In ACM European Conference on Computer Systems, pages 73-85, 2006.
6. D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar. The software model checker BLAST. International Journal on Software Tools for Technology Transfer, 9(5-6):505-525, 2007.
7. H. Chen and D. Wagner. MOPS: An infrastructure for examining security properties of software. In ACM Conference on Computer and Communications Security, pages 235-244, 2002.
8. E. M. Clarke, E. A. Emerson, and A. P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 8(2):244-263, 1986.
9. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Exposition, pages 119-129, 2000.
10. I. Dillig, T. Dillig, and A. Aiken. Static error detection using semantic inconsistency inference. In ACM Conference on Programming Language Design and Implementation, pages 435-445, 2007.
11. A. Diwan, K. S. McKinley, and J. E. B. Moss. Using types to analyze and optimize object-oriented programs. ACM Transactions on Programming Languages and Systems, 23(1):30-72, 2001.
12. S. Ducasse, M. Rieger, and S. Demeyer. A language independent approach for detecting duplicated code. In IEEE International Conference on Software Maintenance, pages 109-118, 1999.
13. E. A. Emerson and E. M. Clarke. Characterizing correctness properties of parallel programs using fixpoints. In Colloquium on Automata, Languages and Programming, pages 169-181, 1980.
14. D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In ACM Symposium on Operating Systems Principles, pages 57-72, 2001.
15. V. Ganapathy, D. King, T. Jaeger, and S. Jha. Mining security-sensitive operations in legacy code using concept analysis. In ACM International Conference on Software Engineering, pages 458-467, 2007.
16. Google. Google Apps. http://www.google.com/apps/.
17. D. Grove and L. Torczon. Interprocedural constant propagation: A study of jump function implementations. In ACM Conference on Programming Language Design and Implementation, pages 90-99, 1993.
18. S. Z. Guyer and C. Lin. Error checking with client-driven pointer analysis. Science of Computer Programming, 58(1-2):83-114, 2005. (Pubitemid 41261378)
19. D. Hovemeyer and W. Pugh. Finding bugs is easy. In ACM OOPSLA Onward!, pages 92-106, 2004.
20. IBM. Cloud Computing. http://ibm.com/developerworks/cloud/.
21. S. Kim, K. Pan, and E. E. J. Whitehead, Jr. Memories of bug fixes. In ACM Symposium on the Foundations of Software Engineering, pages 35-45, 2006.
22. L. Koved, M. Pistoia, and A. Kershenbaum. Access rights analysis for Java. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pages 359-372, 2002.
23. J. Krinke. Identifying similar code with program dependence graphs. In IEEEWorking Conference on Reverse Engineering, pages 301-309, 2001.
24. 2. Software Quality Control, 12(4):361-382, 2004.
25. O. Lhoták and L. Hendren. Context-sensitive points-to analysis: Is it worth it? In International Conference on Compiler Construction, pages 47-64, 2006.
26. Z. Li, L. Tan, X. Wang, S. Lu, Y. Zhou, and C. Zhai. Have things changed now? An empirical study of bug characteristics in modern open source software. In Workshop on Architectural and System Support for Improving Software Dependability (ASID), pages 25-33, 2006.
27. T. J. Marlowe and B. G. Ryder. Properties of data flow frameworks. Acta Informatics (ACTA), 28(2):121-163, 1990.
28. M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar. Interprocedural analysis for privileged code placement and tainted variable detection. In European Conference on Object-Oriented Programming, pages 362-386, 2005.
29. Salesforce. Salesforce Platform. http://www.salesforce.com/platform/.
30. A. P. Sistla, V. N. Venkatakrishnan, M. Zhou, and H. Branske. CMV: Automatic verification of complete mediation for Java Virtual Machines. In ACM Symposium on Information, Computer and Communications Security, pages 100-111, 2008.
31. V. Srivastava. Vulnerabilities submitted to Classpath, Dec 2009-Jan 2010. http://gcc.gnu.org/bugzilla/show-bug.cgi?id=42390.
32. V. Srivastava. Vulnerabilities submitted to Harmony, Nov 2009. https://issues.apache.org/jira/browse/HARMONY-6367.
33. V. Srivastava. Vulnerabilities submitted to Sun JDK, Jan-Oct 2010. http://bugs.sun.com/bugdatabase/view-bug.do?bug-id=6914460.
34. V. Sundaresan, L. Hendren, C. Razafimahefa, R. Vallée-Rai, P. Lam, E. Gagnon, and C. Godin. Practical virtual method call resolution for Java. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pages 264-280, 2000.
35. L. Tan, X. Zhang, X. Ma, W. Xiong, and Y. Zhou. AutoISES: Automatically inferring security specifications and detecting violations. In USENIX Security Symposium, pages 379-394, 2008.
36. M. N. Wegman and F. K. Zadeck. Constant propagation with conditional branches. ACM Transactions on Programming Languages and Systems, 13(2):181-210, 1991.
37. J. Whaley, M. C. Martin, and M. S. Lam. Automatic extraction of object-oriented component interfaces. In ACM International Symposium on Software Testing and Analysis, pages 218-228, July 2002.
38. R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In ACM Conference on Programming Language Design and Implementation, pages 1-12, 1995.
39. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. Communications of the ACM, 53(1):91-99, 2010.