MOPS an Infrastructure for Examining Security Properties of拖把基础设施安全性能检查.pptVIP

MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications Security, 2002 Presented by Peter Matthews Software Vulnerabilities Several causes Certain bugs like buffer overflows may be avoided by use of a type-safe language or use of bounds-checking libraries Another class of security bugs involve misuse of higher level semantics Many OS system calls have implicit constraints on how they should be called If this is not done, vulnerabilities may be introduced This the class MOPS addresses An example // Current directory is “/var/ftp/” chroot(“/var/ftp/pub”); chdir(“/var/ftp/pub”); filename= read_from_network(); fd = open(filename, O_RDONLY); Temporal Safety Properties Dictates the order of a sequence of security-relevant operations Can encode many rules of secure programming Violating such properties may render a program vulnerable to attack Manual checking difficult in large programs Detecting violations of these properties or verifying the satisfaction of them would significantly help reduce the frequency of software vulnerabilities MOPS A program analysis tool that allows one to make temporal safety properties explicit and verify whether they are properly respected by source code Determines any execution path through a program that may violate a security property Uses techniques from model checking and program analysis to do so (Very) Short Formal Model Review Finite State Automaton (FSA) Pushdown Automaton (PDA) Adds a stack, and allows transitions to interact with this stack Formal Model : The set of security-relevant operations : All sequences of security operations that violate the security property : The set of all feasible execution paths of the program Assume that B is a regular language There exists a FSA, M, that accepts B Assume that T is a context-free language There exists a PDA, P, that accepts T For