Publication


Featured research published by Marc-André Laverdière.


Canadian Conference on Electrical and Computer Engineering | 2006

Security Design Patterns: Survey and Evaluation

Marc-André Laverdière; Azzam Mourad; Aiman Hanna; Mourad Debbabi

Security design patterns have been proposed recently as a tool for the improvement of software security during the architecture and design phases. Since the appearance of this research topic in 1997, several catalogs have emerged, and the security pattern community has produced significant contributions, many of them related to design. In this paper, we survey major contributions in the state of the art in the field of security design patterns and assess their quality in the context of an established classification. From our results, we determined a classification of inappropriate pattern qualities. Using a six sigma approach, we propose a set of desirable properties that would prevent flaws in new design patterns, as well as a template for expressing them.


Computers & Security | 2008

An aspect-oriented approach for the systematic security hardening of code

Azzam Mourad; Marc-André Laverdière; Mourad Debbabi

In this paper, we present an aspect-oriented approach for the systematic security hardening of source code. It aims at allowing developers to perform software security hardening by providing an abstraction over the actions required to improve the security of the program. This is done by giving them the capabilities to specify high-level security hardening plans that leverage a priori defined security hardening patterns. These patterns describe the required steps and actions to harden security code, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) elaborating security hardening patterns and plans to common security hardening practices, (2) realizing these patterns by implementing them into aspect-oriented languages, (3) applying them to secure applications, (4) testing the hardened applications. Furthermore, we discuss, in this paper, our insights on the appropriateness, strengths and limitations of the aspect-oriented paradigm for security hardening.


Advanced Information Networking and Applications | 2007

Towards an Aspect Oriented Approach for the Security Hardening of Code

Azzam Mourad; Marc-André Laverdière; Mourad Debbabi

In this paper, we present an approach revolving around aspect-oriented software development (AOSD) for the systematic security hardening of source code. It provides an abstraction over the actions required to improve the security of the program. Security architects can specify high-level security hardening plans that leverage a priori defined security hardening patterns. These patterns describe the steps and actions required for hardening, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) elaborating security hardening patterns and plans for common security hardening practices, (2) realizing these patterns by implementing them in aspect-oriented languages, (3) applying them to secure applications, and (4) testing the hardened applications.


Information Security Journal: A Global Perspective | 2008

A High-level Aspect-oriented-based Framework for Software Security Hardening

Azzam Mourad; Marc-André Laverdière; Mourad Debbabi

In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing software architects with the capabilities to perform security hardening by applying well-defined solutions, without the need for expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way so as not to alter the original functionalities of the software. This is done by providing an abstraction over the actions required to improve the security of a program and adopting aspect-oriented programming to build and develop the solutions. SHL allows developers to describe and specify the security hardening plans and patterns needed to systematically harden security into open source software. It is a minimalist language built on top of the current aspect-oriented technologies that are based on the advice-pointcut model, and it can also be used in conjunction with them. We explore the viability and relevance of our proposition by applying it to several security hardening case studies and presenting their experimental results.


Conference on Privacy, Security and Trust | 2006

Security hardening of open source software

Azzam Mourad; Marc-André Laverdière; Mourad Debbabi

In this paper, we define the concept of software security hardening, which allows developers and maintainers to deploy and harden security features and remedy present vulnerabilities and threats in existing open source software. We also propose a classification of the different levels at which hardening can be applied, and a methodology for hardening high-level security into applications based on a well-defined security ontology. In addition to this contribution, we elaborate the methods for hardening against security vulnerabilities found in C according to the classification we propose.

1. Motivations & Background

In today's computing world, security takes an increasingly predominant role. The industry is facing challenges in public confidence at the discovery of vulnerabilities, and customers are expecting security to be delivered out of the box, even on programs that were not designed with security in mind. Software maintainers must face the challenge, today, of improving the security of their programs, and are often under-equipped to do so. Some countries are taking advantage of open source software for their production systems, as the availability of the source code facilitates their validation and answers their need for trustworthy programs. Open source software is typically implemented using the C programming language¹ and, as such, it is necessary to investigate the security issues related to C. This paper provides the first academic attempt at security hardening, and demonstrates its applicability on the C language. We refer to the process of integrating security into existing software as security hardening, as this practice often refers to modifying the program in a way that makes it more resistant against attacks. In the current context, it becomes increasingly important to provide tools to maintainers that will facilitate and accelerate the security hardening process, increasing the effectiveness of the effort and lowering the resources required to do so.

The rest of this paper is organized as follows. In section 2, we introduce the important contributions in the field of secure programming. Afterwards, in section 3, we define security hardening and propose a classification of its different levels. In section 4, we present a methodology for high-level security hardening based on a well-defined security ontology. In section 5, we elaborate the methods of hardening against vulnerabilities related to C programs, structured according to our classification. Finally, we offer concluding remarks in section 6.

∗ This research is the result of a fruitful collaboration between the Computer Security Laboratory of Concordia University, DRDC-Valcartier National Defense Canada and Bell Canada, thanks to a grant under the NSERC/DND Research Partnership Program.

¹ According to SourceForge.net statistics, 26.22% of open source projects at "Production" and "Mature" levels are written in C [7].


Computer, Information, and Systems Sciences, and Engineering | 2008

Taxonomy of Linux Kernel Vulnerability Solutions

Serguei A. Mokhov; Marc-André Laverdière; Djamel Benredjem

This paper presents the results of a case study on software vulnerability solutions in the Linux kernel. Our major contribution is the introduction of a classification of methods used to solve vulnerabilities. Our research shows that error handling, redesign, and precondition validation are the most used methods in solving vulnerabilities in the Linux kernel. This contribution is accompanied with statistics on the occurrence of the different types of vulnerabilities and their solutions that we observed during our case study, combined with example source code patches. We also combine our findings with existing programming guidelines to create the first security-oriented coding guidelines for the Linux kernel.


Computers & Security | 2009

New aspect-oriented constructs for security hardening concerns

Azzam Mourad; Andrei Soeanu; Marc-André Laverdière; Mourad Debbabi

In this paper, we present new pointcuts and primitives for Aspect-Oriented Programming (AOP) languages that are needed for the systematic hardening of security concerns. The two proposed pointcuts make it possible to identify particular join points in a program's control-flow graph (CFG). The first one is GAFlow, the Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that lies on all their runtime paths. The second one is GDFlow, the Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcut of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts. They allow analysis of a program's call graph in order to determine how to change function signatures for passing the parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the results of explanatory case studies.


International Conference on Trust Management | 2007

Control Flow Based Pointcuts for Security Hardening Concerns

Marc-André Laverdière; Azzam Mourad; Andrei Soeanu; Mourad Debbabi

In this paper, we present two new control flow based pointcuts for Aspect-Oriented Programming (AOP) languages that are needed for the systematic hardening of security concerns. They make it possible to identify particular join points in a program's control flow graph (CFG). The first proposed primitive is GAFlow, the closest guaranteed ancestor, which returns the closest ancestor join point to the pointcuts of interest that lies on all their runtime paths. The second proposed primitive is GDFlow, the closest guaranteed descendant, which returns the closest child join point that can be reached by all paths starting from the pointcuts of interest. We find these pointcuts to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing pointcuts can provide their functionalities. Moreover, we show the viability and correctness of our proposed pointcuts by elaborating and implementing their algorithms and presenting the results of a testing case study.


Electronic Communication of The European Association of Software Science and Technology | 2010

Security Evaluation and Hardening of Free and Open Source Software (FOSS)

Robert Charpentier; Mourad Debbabi; Dima Alhadidi; Azzam Mourad; Nadia Belblidia; Amine Boukhtouta; Aiman Hanna; Rachid Hadjidj; Hakim Idrissi Kaitouni; Marc-André Laverdière; Hai Zhou Ling; Syrine Tlili; Xiaochun Yang; Zhenrong Yang

Recently, Free and Open Source Software (FOSS) has emerged as an alternative to Commercial-Off-The-Shelf (COTS) software. Now, FOSS is perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and numerous advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study, a three-year project was conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS.


Technique Et Science Informatiques | 2009

Nouveaux points de coupure et primitives pour les préoccupations de renforcement de sécurité (New pointcuts and primitives for security hardening concerns)

Azzam Mourad; Marc-André Laverdière; Andrei Soeanu; Mourad Debbabi

In this paper, we present two new pointcuts and two new primitives for Aspect-Oriented Programming (AOP) languages that are needed for the systematic hardening of security concerns. The two proposed pointcuts make it possible to identify particular join points in a program's control flow graph (CFG). The first one is GAFlow, the Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that lies on all their runtime paths. The second one is GDFlow, the Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcuts of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts.
