Title: CS655: Programming Languages
1. Tabasco
A Static Security Checking Tool for Python
- Group 5
- Yu Lin
- Yiting Nan
- Mike Smoot
- Jianrong Zhang
2. Example Goes First
    #!/usr/cs/contrib/bin/python
    import os
    # name is untrusted input and reaches the shell unchanged
    name = raw_input("Please enter your first name ")
    command = '/bin/echo ' + name
    os.system(command)
Let name be "homer; rm -rf /"
3. Motivation
- Design Goal: Used by programmers to check their programs for potential security risks.
- Design Principles
- Flexible
- Standalone
- Static checking
- Report potential security violations.
4. Related Work
- JFLOW
- Tabasco
- Rexec, Bastion, JPython
5. Solution
- How? Check security information flow!
- Security type environment
- Security policy
- Defines insecure function calls
- Configurable by the user: flexibility!
- Type checking rules vs. Environment updating rules
6. Type Checking Rules
$$\dfrac{\text{true}}{A \vdash \mathit{literal} : \text{secure}}\ (\text{literal})$$
$$\dfrac{\text{true}}{A \vdash \texttt{raw\_input}(S) : \text{insecure}}\ (\text{input})$$
$$\dfrac{A \vdash \mathit{ExpA} : \text{insecure} \;\lor\; A \vdash \mathit{ExpB} : \text{insecure} \qquad \mathit{oper} \in \{\ldots, -, \ldots, /, \ldots, <<, >>, <, \ldots, <, >, !\}}{A \vdash (\mathit{ExpA}\ \mathit{oper}\ \mathit{ExpB}) : \text{insecure}}\ (\text{expr})$$
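7. Type Checking Function Calls
$$\dfrac{A \vdash \mathit{arg}_1 : \text{secure} \;\land\; \cdots \;\land\; A \vdash \mathit{arg}_n : \text{secure}}{A \vdash \mathit{fun}(\mathit{arg}_1, \ldots, \mathit{arg}_n) : \text{secure}}\ (\text{secure-fun})$$
$$\dfrac{A \vdash \mathit{arg}_1 : \text{insecure} \;\lor\; \cdots \;\lor\; A \vdash \mathit{arg}_n : \text{insecure} \qquad A \vdash \mathit{fun} \text{ is allowed}}{A \vdash \mathit{fun}(\mathit{arg}_1, \ldots, \mathit{arg}_n) : \text{insecure}}\ (\text{insecure-fun})$$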
8. Environment Updating Rules
$$\dfrac{\mathit{var} = \mathit{Expression}}{A\,\{\mathit{var} = \mathit{Expression}\}\,A[\mathit{var} \mapsto \mathit{typeof}(A, \mathit{Expression})]}\ (\text{assign})$$
- Also
- if-else rule
- while rule
- for rule
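9. If-Else Rule
                      # z: insecure
    if z < 1:
        x = "Hello!"  # x: secure
    else:
        x = z         # x: insecure
$$\dfrac{A\,\{S_1\}\,A_1 \qquad A\,\{S_2\}\,A_2}{A\,\{\texttt{if}\ \mathit{exp}_1\ S_1\ \texttt{else}\ S_2\}\,A_1 \sqcup A_2}\ (\text{if-else})$$
What is $A_1 \sqcup A_2$?
$(A_1 \sqcup A_2) \vdash \mathit{var} : \text{secure}$ iff $A_1 \vdash \mathit{var} : \text{secure}$ and $A_2 \vdash \mathit{var} : \text{secure}$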
10. Implementation
- Lex and Yacc
- Use symbol table to keep track of variables and their security information
- Construct parse trees to propagate security information
11. Implementation (cont)
[Figure: parse tree with nodes cmd, bin/echo, name]
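The rules on slides 6 to 9 can be exercised with a short checker. This is an added example, not Tabasco's code: it walks Python's ast module instead of a Lex and Yacc parser, and it leaves out the while and for rules, which the slides name but do not state. The FORBIDDEN policy set and the treatment of unknown names as insecure are assumptions.

```python
import ast

SECURE, INSECURE = "secure", "insecure"
SOURCES = {"raw_input"}                # input rule: the result is insecure
FORBIDDEN = {"os.system", "os.popen"}  # assumed policy, not taken from the slides

def typeof(env, node, findings):
    """Security type of an expression under environment env."""
    if isinstance(node, ast.Constant):                 # literal rule
        return SECURE
    if isinstance(node, ast.Name):                     # assumption: unknown names are insecure
        return env.get(node.id, INSECURE)
    if isinstance(node, ast.Call):
        name = ast.unparse(node.func)
        args = [typeof(env, a, findings) for a in node.args]
        if name in FORBIDDEN and INSECURE in args:     # policy violation: report it
            findings.append((node.lineno, name))
        return INSECURE if name in SOURCES or INSECURE in args else SECURE
    kids = [typeof(env, k, findings) for k in ast.iter_child_nodes(node)
            if isinstance(k, ast.expr)]
    return INSECURE if INSECURE in kids else SECURE    # expr rule

def check(stmts, env, findings):
    """Environment updating rules; returns the environment after stmts."""
    for s in stmts:
        if isinstance(s, ast.Assign):                  # assign rule
            t = typeof(env, s.value, findings)
            for target in s.targets:
                if isinstance(target, ast.Name):
                    env[target.id] = t
        elif isinstance(s, ast.Expr):                  # bare call such as os.system(...)
            typeof(env, s.value, findings)
        elif isinstance(s, ast.If):                    # if-else rule: join both branches
            typeof(env, s.test, findings)
            a1 = check(s.body, dict(env), findings)
            a2 = check(s.orelse, dict(env), findings)
            env = {v: SECURE if a1.get(v) == a2.get(v) == SECURE else INSECURE
                   for v in a1.keys() | a2.keys()}
    return env

def analyze(source):
    findings = []
    return check(ast.parse(source).body, {}, findings), findings

# Constructed sample: the slide 2 program followed by the slide 9 if-else case.
SAMPLE = "\n".join([
    "import os", "name = raw_input('Please enter your first name ')",
    "command = '/bin/echo ' + name", "os.system(command)",
    "z = raw_input('z: ')", "if z < 1:", "    x = 'Hello!'", "else:", "    x = z"])
```

`analyze(SAMPLE)` returns the final environment and a list of `(line, call)` findings; the only finding is the `os.system(command)` call on line 4 of the sample.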
12. Evaluation
- Our Goal
- Tested against many simple programs
- All succeeded
- Real World
- Not yet
- Need complete grammar
13. Conclusion
- Succeeded in meeting our design goals
- (Standalone, Flexible, Conservative)
- Can be used to help programmers find potential security flaws
- Can be used to help train programmers to be more aware of security threats.
Make programming SPICY!