(1) Field of Invention
The present invention relates to a system for preventing security flaws in computer source code and, more particularly, to a system for preventing security flaws in untrusted computer source code by implementing information flow security in an existing programming language through use of an information flow security library.
(2) Description of Related Art
Software security assurance aids in designing and implementing software that protects the data and resources contained in and controlled by that software. As software systems grow in complexity and expand support for third-party components (i.e., software components developed to be either freely distributed or sold by an entity other than the original vendor of the development platform), determination of their security properties becomes difficult, if not impossible. Once a component is granted access, the software system cannot easily regulate misuse and propagation of information through computations. Legitimate code may inadvertently pass along malicious or buggy input to sensitive components, leak secrets to unauthorized parties, or be tricked into doing so. Furthermore, malicious code may attempt to do the same while simultaneously covering up its activity.
As static analysis for security becomes standard in the systems development process, it becomes paramount that users adopt robust tools, tailored to the security demands in any product line that interfaces with third-party software.
Prior art in the field of security information flow in software falls into three general categories: dynamic taint analysis, secure information flow compilers, and information flow security libraries for general-purpose programming languages. Dynamic taint analysis instruments program code to detect suspect information flows at runtime, but this is often too late. It requires handling of security exceptions at runtime, which complicates the system and is not always feasible. Moreover, if the design error is only discovered during runtime, it is usually much harder and costlier to fix than if it were discovered earlier during the development process.
Secure information flow compilers detect security flaws at compile-time. However, most require re-implementation of software in a specialized programming language, which is a very expensive proposition. Only a few approaches based on embedding information flow security through a library exist. These approaches enable developers to design a system in existing, general-purpose programming languages that were not specifically designed to support information flow controls.
In the field of information flow security, it is well understood that integrity is a dual to confidentiality. That is, the mechanisms used to enforce confidentiality can also be used to enforce integrity. Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems, while integrity generally refers to the trustworthiness of the data. However, in the presence of source code values that are not instrumented for security analysis (i.e., values not labeled with security types, as would occur when an information flow security library is embedded into a general-purpose language), one needs to interpret integrity differently.
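The following is an added illustration, not code from the patent or from any product it describes, of the library-embedding approach of the preceding paragraphs: a small information flow library written in an existing general-purpose language (here Python), with a confidentiality label and an integrity label on each value, lattice joins that show the duality (confidentiality rises to the most secret input, integrity falls to the least trusted input), and the rule that uninstrumented values entering the library are treated as low integrity. The types, level names, the `endorse` operation and the two sinks are assumptions chosen for the example; the patent's own embodiment performs its checks statically at compile time, whereas this sketch enforces the same lattice rules at runtime so that the behavior can be observed directly.

```python
"""Added example of an embedded information flow security library (not the patent's code).

Assumed lattices: Conf PUBLIC < SECRET, Integ UNTRUSTED < TRUSTED. Unlabelled
(uninstrumented) values lifted into the library are assumed PUBLIC but UNTRUSTED.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum
from typing import Any, Callable, Generic, TypeVar

T = TypeVar("T")
U = TypeVar("U")


class Conf(IntEnum):
    PUBLIC = 0
    SECRET = 1


class Integ(IntEnum):
    UNTRUSTED = 0
    TRUSTED = 1


class SecurityError(Exception):
    """Raised when a labelled value reaches a sink its label does not permit."""


@dataclass(frozen=True)
class Label:
    conf: Conf
    integ: Integ

    def join(self, other: Label) -> Label:
        # Duality made concrete: confidentiality joins upward (max), integrity
        # joins downward (min). A derived value is as secret as its most secret
        # input and only as trustworthy as its least trusted input.
        return Label(Conf(max(self.conf, other.conf)), Integ(min(self.integ, other.integ)))


@dataclass(frozen=True)
class Labeled(Generic[T]):
    value: T
    label: Label

    def combine(self, other: Labeled[U], f: Callable[[T, U], Any]) -> Labeled[Any]:
        """Compute f over two labelled values; the result carries the joined label."""
        return Labeled(f(self.value, other.value), self.label.join(other.label))


def lift(v: Any) -> Labeled[Any]:
    """Bring a value into the library. Already-labelled values pass through unchanged;
    an uninstrumented value is assigned low integrity, since nothing vouches for it."""
    if isinstance(v, Labeled):
        return v
    return Labeled(v, Label(Conf.PUBLIC, Integ.UNTRUSTED))


def endorse(v: Labeled[T], check: Callable[[T], bool]) -> Labeled[T]:
    """Explicitly raise integrity after a validation step passes (the integrity
    counterpart of declassification); the call site is the audit point."""
    if not check(v.value):
        raise SecurityError("endorsement check failed")
    return Labeled(v.value, Label(v.label.conf, Integ.TRUSTED))


def trusted_sink(v: Any) -> str:
    """A sensitive component: accepts only high-integrity input."""
    lv = lift(v)
    if lv.label.integ is not Integ.TRUSTED:
        raise SecurityError("untrusted data reached a trusted sink")
    return f"executed: {lv.value}"


def public_sink(v: Any) -> str:
    """A public channel: accepts only non-secret input."""
    lv = lift(v)
    if lv.label.conf is not Conf.PUBLIC:
        raise SecurityError("secret data reached a public channel")
    return f"published: {lv.value}"


def demo() -> dict[str, str]:
    """Constructed scenario: an instrumented, trusted value is combined with an
    uninstrumented value coming from a third-party component."""
    config = Labeled("trusted.cfg", Label(Conf.PUBLIC, Integ.TRUSTED))  # constructed
    user_input = "name=alice"  # constructed, arrives unlabelled
    out: dict[str, str] = {}
    merged = config.combine(lift(user_input), lambda a, b: f"{a}?{b}")
    try:
        out["raw"] = trusted_sink(merged)  # low integrity taints the whole result
    except SecurityError as e:
        out["raw"] = f"rejected: {e}"
    vetted = endorse(lift(user_input), lambda s: s.isprintable() and "\n" not in s)
    out["endorsed"] = trusted_sink(config.combine(vetted, lambda a, b: f"{a}?{b}"))
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the `lift` default is the one the paragraph above makes: because an uninstrumented value carries no evidence of provenance, the only sound interpretation is low integrity, and the join rule then propagates that taint to everything derived from it until an explicit `endorse` step raises it again.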
There do not exist, in the prior art, tools for information flow analysis which have all three of the following desired properties: compile-time (static) analysis of the code for security flaws; implementation as an added library for an existing language; and support for integrity where uninstrumented (unlabeled) values are considered to be of low integrity. Thus, a continuing need exists for a system that effectively implements and integrates the aforementioned properties.