1 / 13

Tabasco

Tabasco. A Static Security Checking Tool for Python. Group 5 Yu Lin Yiting Nan Mike Smoot Jianrong Zhang. OOPS!!!. Example Goes First. #!/usr/cs/contrib/bin/python import os name = raw_input("Please enter you first name: ") command = '/bin/echo ' + name os.system(command).

carter
Download Presentation

Tabasco

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tabasco A Static Security Checking Tool for Python Group 5 Yu Lin Yiting Nan Mike Smoot Jianrong Zhang 1

  2. OOPS!!! Example Goes First #!/usr/cs/contrib/bin/python import os name = raw_input("Please enter you first name: ") command = '/bin/echo ' + name os.system(command) Let name be: ” homer; rm –rf /* ” 2

  3. Motivation Design Goal: Used by programmers to check their programs for potential security risks. Design Principles: • Flexible • Standalone • Static checking • Report potential security violations. 3

  4. Related Work JFLOW Tabasco Rexec Bastion JPython 4

  5. Solution • How? Check security information flow! • Security type environment • Security policy • Defines insecure function calls • Configurable by the user: flexibility! • Type checking rules vs. Environment updating rules 5

  6. Type Checking Rules true --------------------- [literal] A |- literal: secure true -------------------------------- [input] A |-raw_input(S): insecure A |-ExpA: insecure A |-ExpB: insecure oper  {+,-,*,/,%,**,|,^,&,<<,>>,<,==,<=,>=,!=} ----------------------------------------------------------------- [expr] A |- (ExpA oper ExpB): insecure 6

  7. Type Checking: Function Calls A |-arg1: secure ...  A |-argn: secure ------------------------------------------------- [secure-fun] A |-fun(arg1,...,argn) : secure A |-arg1: insecure ....  A |-argn: insecure A |-fun is allowed ----------------------------------------------------- [insecure-fun] A |-fun(arg1,...,argn): insecure 7

  8. Environment Updating Rules var = Expression --------------------------------------------------------------------[assign] A{var = Expression} A[var  typeof(A, Expression)] • Also: • [if-else] rule • [while] rule • [for] rule 8

  9. Is x secureorinsecureafter this statement? If-Else Rule # z: insecure if z < 1: x = “Hello!” #x: secure else: x = z #x: insecure A {S1} A1 A {S2} A2 ------------------------------------------------- [if-else] A{ if exp1: S1 else: S2} A1 A2 What isA1 A2? (A1A2) |- var: secure iff A1|-var: secure and A2|-var: secure 9

  10. Implementation • Lex + Yacc • Use symbol table to keep track of variables and their security information • Construct parse trees to propagate security information 10

  11. expr rule stmt expr expr term = cmd cmd cmd term term + term term ‘bin/echo’ ‘bin/echo’ name name assign rule Implementation (cont) cmd = ‘bin/echo’ + name 11

  12. Evaluation • Our Goal • Tested against many simple programs • All succeeded • Real World • Not yet • Need complete grammar 12

  13. Conclusion • Succeeded in meeting our design goals ( Standalone, Flexible, Conservative) • Can be used to help programmers find potential security flaws • Can be used to help train programmers to be more aware of security threats. SPICY! Make programming 13

More Related