Securing Applications by Information Flow Tracking/Talk_March7_…
Securing Applications by Information Flow Tracking
Musard Balliu
About Me
● As of January 2018, Assistant Professor at EECS/TCS
● 2014 - 2017: PostDoc at Chalmers
● 2009 - 2014: Ph.D. at KTH
Research Interests: End-to-End Software Security
Computer Security
Software Engineering
Programming Languages
Formal Methods
End-to-End Security
Problem
Malicious or buggy code is a real threat: Flashlight, CVS/pharmacy, Spectre, WannaCry, Heartbleed, ...
Trends in software market:
● Quick time-to-market
● Business model rooted in cost-free services, financed by ads (Facebook, YouTube)
● Legacy code still there
● Security as an add-on, not yet part of the software development lifecycle
● Platform independence, extensibility, mobile executable content
These trends become opportunities for attackers
● Easy to distribute worms, viruses, exploits, ransomware
● Write an attack once and run it everywhere
● Trusted and untrusted apps execute in the same environment
Mission impossible: Keep the trends without compromising security
Goal: End-to-End Security
Private inputs cannot be inferred by attacker’s observation of public outputs.
A Password Meter
Confidentiality: Standard Security Mechanisms
Access Control: regulate who can access what information
+ Prevents unauthorized release of information
- ...but the password meter must access the password
Firewall and Antivirus Scanning:
+ Reject a "black list" of known attacks
- ...but does not prevent unknown attacks
Cryptography: secure the communication channel
- Endpoints of communication may leak data
Sandboxing: good for low-level events, e.g., no network send after reading a file
- ...but the password meter must have access to the network
Information Flow Security
Private inputs cannot be inferred by attacker’s observation of public outputs.
A Password Meter
Background: Information Flow Control
● Track information propagation within the program. This can be subtle!
● Not just about explicit flows:
    public = secret
● Also about implicit flows:
    if secret == 0 then public = 0 else public = 1
● Ensures end-to-end security
● Many flavours: covert channels, timing, …
● Enforcement: Static, Dynamic, Hybrid, Multi-execution
Taint Tracking
Information Flow Control
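The explicit and implicit flows from the slides above, and the taint tracking versus information flow control distinction, as an added example that is not part of the talk (all names are my own assumptions): a small JavaScript monitor that labels values and shows plain taint tracking catching `public = secret` but missing the branch-based leak, while a monitor that also tracks a program-counter label blocks both.

```javascript
// Added illustration (not the talk's code): a tiny dynamic monitor. Values are
// labeled 'L' (public) or 'H' (secret); `trackImplicit` switches between plain
// taint tracking (labels follow data only) and IFC (a pc label follows control).
const join = (a, b) => (a === 'H' || b === 'H') ? 'H' : 'L';

class Labeled {
  constructor(value, label) { this.value = value; this.label = label; }
}

class Monitor {
  constructor(trackImplicit) { this.trackImplicit = trackImplicit; this.pc = 'L'; }
  // Explicit flow: an operation's result is as secret as its most secret input.
  op(f, ...args) {
    const label = args.reduce((acc, a) => join(acc, a.label), 'L');
    return new Labeled(f(...args.map(a => a.value)), label);
  }
  // Write to a sink of label `sinkLabel`. Under IFC the written value is also
  // raised to the current pc, so a write inside a secret branch is caught.
  assign(sinkLabel, v) {
    const effective = this.trackImplicit ? join(v.label, this.pc) : v.label;
    if (effective === 'H' && sinkLabel === 'L') throw new Error('flow violation');
    return new Labeled(v.value, effective);
  }
  // Branch on a labeled guard; under IFC the pc is raised for both branches.
  branch(cond, thenFn, elseFn) {
    const savedPc = this.pc;
    if (this.trackImplicit) this.pc = join(this.pc, cond.label);
    try { return cond.value ? thenFn() : elseFn(); } finally { this.pc = savedPc; }
  }
}

// Slide's explicit flow:  public = secret
function explicitFlow(m, secretVal) {
  return m.assign('L', new Labeled(secretVal, 'H'));
}

// Slide's implicit flow:  if secret == 0 then public = 0 else public = 1
function implicitFlow(m, secretVal) {
  const secret = new Labeled(secretVal, 'H');
  const zero = new Labeled(0, 'L'), one = new Labeled(1, 'L');
  const cond = m.op((s, z) => s === z, secret, zero);
  return m.branch(cond, () => m.assign('L', zero), () => m.assign('L', one));
}

// 'blocked' if the monitor rejected the program, 'leaked' if it ran through.
function run(program, trackImplicit, secretVal) {
  try { program(new Monitor(trackImplicit), secretVal); return 'leaked'; }
  catch (e) { return 'blocked'; }
}
```

Running `run(implicitFlow, false, 7)` returns 'leaked' because the public output was chosen by a secret guard without any tainted value ever being written, which is exactly the flow the pc label in IFC mode exists to catch.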
Building Web Apps
A plethora of languages, frameworks and libraries
Securing Web Apps Is Harder
● SQL injection, XSS, information disclosure
● Most attacks occur at boundaries
● Policies: SOP, CSP, CORS, ...
Use Case: Location Based Service
Searching for nearby restaurants without revealing my exact location
What Can Possibly Go Wrong
Exact location can be leaked out to different tiers:
Browser: JavaScript/HTML
Application Server: F# .NET
Database: SQL
…
Homogeneous Meta-Programming with JSLINQ
JSLINQ: Architecture and Workflow
Homogeneous Meta-Programming with JSLINQ
● JSLINQ: A step forward toward end-to-end security
● Still does not handle JavaScript Web developer libraries
Formal Framework
Formal Results for JSLINQ core
❑ Core of F# language with references and quotations (no object-oriented features)
❑ Records and list comprehensions to model databases
❑ Polymorphic security labels for confidentiality/integrity
❑ Security type system
❑ Proof of noninterference and declassification
From Typing Rule to Code
Case Studies
Research Vision: Pushing the boundary on both sides
Engineering Secure Systems
+ Ultimately the way to go
+ Provides strong security guarantees
- Scalability vs Precision issues despite recent advances in verification
My work
● Reasoning about security
● Building secure OO applications
● Secure Embedded Virtualization
● Web Application Security
● Database-Application Security
● Privacy in Social Networks
Securing Existing Systems
+ Raises the security bar
+ Uncovers new attacks in existing systems
+ Applies to complex languages, e.g. JS
- Bug finding technique
My work
● Hardening Android App security by facelifted values
● Taint tracking policies
● Soundness vs Precision: making information-flow analysis practical
● Reconciling DAC and IFC
● Client-side DOM-based XSS
Research Tracks
❑ Internet-of-Things Devices
❖ Attacks and fixes for IoT platforms
❖ Send me an email with my current location
❖ When I arrive home, turn on my oven to 100 degrees
❑ Hyper-property testing
❖ Testing framework for noninterference
❖ Property-based testing for self composition
❑ Concolic execution for string constraints
❑ WebAssembly
❑ Program repair for security
❑ Taint tracking for software architectures
Final words
❑ KTH Security Seminar series
❖ Coming up soon!
❖ Brings together researchers across EECS departments and industry
❑ I am looking for a PhD student
❖ Working on end-to-end security
❖ Interested? Drop me a line: [email protected]