Overview
My research advisor was Dr. Trent Jaeger and I was part of the SIIS lab. My research interest combines security and programming languages and the focus of my thesis was on techniques to retrofit programs for security mediation. In addition, I have also worked on resolving errors in security policies in distributed systems and in ensuring integrity of applications in Linux-based mobile phones. I spent the summer of 2012 at HP Labs, Bristol and the summer of 2013 at HP Fortify in Sunnyvale, where I worked on techniques to automate the placement of authorization hooks into the Fortify Source Code Analyser.
Automating Authorization Hook Placement
When servers manage resources on behalf of multiple, mutually distrusting clients, they must mediate access to those resources to ensure that each client request complies with an authorization policy. This goal is typically achieved by placing authorization hooks at appropriate locations in server code. The goal of authorization hook placement is to completely mediate all security-sensitive operations on shared resources. To date, authorization hook placement in code bases, such as the X server and PostgreSQL, has largely been a manual procedure, driven by informal analysis of server code and discussions on developer forums. Often, there is a lack of consensus about basic concepts, such as what constitutes a security-sensitive operation. In this work, we propose an automated hook placement approach that is motivated by a novel observation that the deliberate choices made by clients for objects from server collections and for processing those objects must all be authorized. We have built a tool that uses this observation to statically analyze the server source. Using real-world examples (the X server and PostgreSQL), we show that the hooks placed by our method are just as effective as hooks that were manually placed over the course of years while greatly reducing the burden on programmers.
- [CCS2012] Leveraging 'Choice' to Automate Authorization Hook Placement, Divya Muthukumaran; Trent Jaeger; Vinod Ganapathy; in Proceedings of CCS 2012, Raleigh, North Carolina, Oct 2012.
- [ESSOS2015] Producing Hook Placements To Enforce Expected Access Control Policies, Divya Muthukumaran, Nirupama Talele, Trent Jaeger and Gang Tan, to be included in Proceedings of ESSOS 2015.
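The observation in the abstract above can be seen in a small request handler. This is an added example, not code from the papers or the tool: the object table, the `authorize` policy and all names are hypothetical. The hook sits after the client's choice of object and choice of operation are both known, and before the operation runs.

```c
#include <stddef.h>
#include <stdio.h>

enum op { OP_READ, OP_WRITE };
enum status { ST_OK = 0, ST_NOENT = -1, ST_DENIED = -2, ST_BADOP = -3 };

struct object { int id; int owner; int shared; int value; };

/* Constructed server collection shared by all clients. */
static struct object table[] = {
    { 1, 100, 0, 11 },
    { 2, 100, 1, 22 },
    { 3, 200, 0, 33 },
};

/* Hypothetical policy: owners may read and write; others may only read shared objects. */
static int authorize(int client, const struct object *o, enum op op)
{
    if (o->owner == client) return 1;
    return op == OP_READ && o->shared;
}

/* Client choice 1: the id in the request selects one object from the collection. */
static struct object *lookup(int id)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].id == id) return &table[i];
    return NULL;
}

/* Client choice 2 is the operation; the hook mediates the (client, object, op) triple. */
int handle_request(int client, int id, enum op op, int arg, int *out)
{
    struct object *o = lookup(id);
    if (o == NULL) return ST_NOENT;
    if (op != OP_READ && op != OP_WRITE) return ST_BADOP;
    if (!authorize(client, o, op)) return ST_DENIED;   /* authorization hook */
    if (op == OP_READ) *out = o->value;
    else o->value = arg;
    return ST_OK;
}

int main(void)
{
    int v = 0;
    printf("owner read:  %d\n", handle_request(100, 1, OP_READ, 0, &v));
    printf("other write: %d\n", handle_request(200, 2, OP_WRITE, 9, &v));
    return 0;
}
```

Placing the hook before `lookup` would leave it without the object to check, and placing it after the read or write would mediate nothing; the position between the choices and the operation is what complete mediation requires.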
Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity
Modern distributed systems are composed from several off-the-shelf components, including operating systems, virtualization infrastructure, and application packages, upon which some custom application software (e.g., web application) is often deployed. While several commodity systems now include mandatory access control (MAC) enforcement to protect the individual components, the complexity of such MAC policies and the myriad of possible interactions among individual hosts in distributed systems make it difficult to identify the attack paths available to adversaries. As a result, security practitioners react to vulnerabilities as adversaries uncover them, rather than proactively protecting the system's data integrity. In this paper, we develop a mostly-automated method to transform a set of commodity MAC policies into a system-wide policy that proactively protects system integrity, approximating the Clark-Wilson integrity model. The method uses the insights from the Clark-Wilson model, which requires integrity verification of security-critical data and mediation at program entrypoints, to extend existing MAC policies with the proactive mediation necessary to protect system integrity. We demonstrate the practicality of producing Clark-Wilson policies for distributed systems on a web application running on virtualized Ubuntu SELinux hosts, where our method finds: (1) that only 27 additional entrypoint mediators are sufficient to mediate the threats of remote adversaries over the entire distributed system and (2) that only 20 additional local threats require mediation to approximate Clark-Wilson integrity comprehensively. As a result, available security policies can be used as a foundation for proactive integrity protection from both local and remote threats.
- [ACSAC2012] Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity, Divya Muthukumaran; Sandra Rueda; Nirupama Talele; Hayawardh Vijayakumar; Trent Jaeger; Jason Teutsch; Nigel Edwards, in proceedings of ACSAC 2012, Orlando, Florida, Dec 2012.
- [SafeConfig2010] Cut Me Some Security, Divya Muthukumaran, Sandra Rueda, Hayawardh Vijayakumar and Trent Jaeger, in proceedings of SafeConfig 2010, Chicago, Oct 2010.