The embodiments relate generally to software security and more particularly to extracting code level security specification from source code.
Software often uses code level security routines to secure sensitive data on a system. When source code is written, a code developer may identify particular data that is sensitive and, using an access control scheme, restrict access to that data by unauthorized users or processing entities. For example, an access control scheme may include a number of security check functions that, when called, determine whether a subject (i.e., a processing entity) is authorized to perform a particular operation (e.g., read or write) on an object (e.g., a data file, an inode, or a socket). An operation on a sensitive object is called a security sensitive operation. The identified security sensitive operations and the security check functions associated with each object together define a security specification for the code.
Typically, a code developer identifies sensitive objects and associates security check functions with them when developing the code. When writing the code, the developer inserts a security check function (or a call to a security check function) wherever a security sensitive operation path occurs in the code. For example, where a read or write instruction path for a sensitive object occurs in the code (a security sensitive operation), a security check function is inserted before it. When the security sensitive operation is reached, the security check function is run to determine whether the entity requesting the operation is authorized to perform it. The security check function then authorizes or denies the performance of the operation.
Once the code is written, it is reviewed to ensure that the security specification is followed and that every security sensitive operation is preceded by the performance of the corresponding security check function.
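As an added illustration of the review step described above (this is example code, not part of the embodiments), the following checker applies a small, constructed security specification to sample source code: each security sensitive operation must be preceded, within the same function, by its associated security check function. The function names (`check_read`, `read_file`, and so on) and the sample code are assumptions chosen for the illustration; the check is flow-insensitive, so a check call anywhere earlier in the same function counts.

```python
import ast

# Constructed, hypothetical specification: each security sensitive operation
# mapped to the security check function that must run before it.
SPEC = {"read_file": "check_read", "write_file": "check_write"}


def _call_name(call):
    """Name of the called function, for plain calls and attribute calls."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def find_unguarded_operations(source, spec=SPEC):
    """Return (function, operation, line) for every sensitive operation that
    is not preceded, in source order within the same function, by its check.
    Flow-insensitive simplification: a check anywhere earlier in the function
    counts, and calls inside nested functions are attributed to the outer one."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        calls = sorted((c for c in ast.walk(fn) if isinstance(c, ast.Call)),
                       key=lambda c: (c.lineno, c.col_offset))
        checks_seen = set()
        for call in calls:
            name = _call_name(call)
            if name in spec.values():
                checks_seen.add(name)
            elif name in spec and spec[name] not in checks_seen:
                findings.append((fn.name, name, call.lineno))
    return findings


# Constructed sample code under review: the first function follows the
# specification, the second performs a write without its check.
SAMPLE = """
def export_record(subject, inode):
    check_read(subject, inode)
    return read_file(inode)

def update_record(subject, inode, data):
    write_file(inode, data)
"""

if __name__ == "__main__":
    for fn, op, line in find_unguarded_operations(SAMPLE):
        print(f"{fn}: {op} at line {line} has no preceding {SPEC[op]}")
```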