130 likes | 371 Views
Tabasco. A Static Security Checking Tool for Python. Group 5 Yu Lin Yiting Nan Mike Smoot Jianrong Zhang. OOPS!!!. Example Goes First. #!/usr/cs/contrib/bin/python import os name = raw_input("Please enter you first name: ") command = '/bin/echo ' + name os.system(command).
E N D
Tabasco A Static Security Checking Tool for Python Group 5 Yu Lin Yiting Nan Mike Smoot Jianrong Zhang 1
OOPS!!! Example Goes First #!/usr/cs/contrib/bin/python import os name = raw_input("Please enter you first name: ") command = '/bin/echo ' + name os.system(command) Let name be: ” homer; rm –rf /* ” 2
Motivation Design Goal: Used by programmers to check their programs for potential security risks. Design Principles: • Flexible • Standalone • Static checking • Report potential security violations. 3
Related Work JFLOW Tabasco Rexec Bastion JPython 4
Solution • How? Check security information flow! • Security type environment • Security policy • Defines insecure function calls • Configurable by the user: flexibility! • Type checking rules vs. Environment updating rules 5
Type Checking Rules true --------------------- [literal] A |- literal: secure true -------------------------------- [input] A |-raw_input(S): insecure A |-ExpA: insecure A |-ExpB: insecure oper {+,-,*,/,%,**,|,^,&,<<,>>,<,==,<=,>=,!=} ----------------------------------------------------------------- [expr] A |- (ExpA oper ExpB): insecure 6
Type Checking: Function Calls A |-arg1: secure ... A |-argn: secure ------------------------------------------------- [secure-fun] A |-fun(arg1,...,argn) : secure A |-arg1: insecure .... A |-argn: insecure A |-fun is allowed ----------------------------------------------------- [insecure-fun] A |-fun(arg1,...,argn): insecure 7
Environment Updating Rules var = Expression --------------------------------------------------------------------[assign] A{var = Expression} A[var typeof(A, Expression)] • Also: • [if-else] rule • [while] rule • [for] rule 8
Is x secureorinsecureafter this statement? If-Else Rule # z: insecure if z < 1: x = “Hello!” #x: secure else: x = z #x: insecure A {S1} A1 A {S2} A2 ------------------------------------------------- [if-else] A{ if exp1: S1 else: S2} A1 A2 What isA1 A2? (A1A2) |- var: secure iff A1|-var: secure and A2|-var: secure 9
Implementation • Lex + Yacc • Use symbol table to keep track of variables and their security information • Construct parse trees to propagate security information 10
expr rule stmt expr expr term = cmd cmd cmd term term + term term ‘bin/echo’ ‘bin/echo’ name name assign rule Implementation (cont) cmd = ‘bin/echo’ + name 11
Evaluation • Our Goal • Tested against many simple programs • All succeeded • Real World • Not yet • Need complete grammar 12
Conclusion • Succeeded in meeting our design goals ( Standalone, Flexible, Conservative) • Can be used to help programmers find potential security flaws • Can be used to help train programmers to be more aware of security threats. SPICY! Make programming 13