Tabasco A Static Security Checking Tool for Python
Group 5: Yu Lin, Yiting Nan, Mike Smoot, Jianrong Zhang
5/1/2000

Example Goes First

    #!/usr/cs/contrib/bin/python
    import os

    # User input is concatenated into a shell command without any checking.
    name = raw_input("Please enter your first name: ")
    command = '/bin/echo ' + name
    os.system(command)

OOPS!!! Let name be: "homer; rm -rf /*"

Motivation

Design Goal: Used by programmers to check their programs for potential security risks.

Design Principles:
• Flexible
• Standalone
• Static checking
• Report potential security violations.

Related Work

Solution

• How? Check security information flow!
• Security type environment
• Security policy
  – Defines insecure function calls
  – Configurable by the user: flexibility!
• Type checking rules vs. Environment updating rules

Type Checking Rules

              true
    ------------------------ [literal]
    A |- literal: secure

              true
    ----------------------------- [input]
    A |- raw_input(S): insecure

    A |- ExpA: insecure    A |- ExpB: insecure
    oper {+, -, *, /, %, **, |, ^, &, <<, >>, <, ==, <=, >=, !=}
    -------------------------------------------------------------- [expr]
    A |- (ExpA oper ExpB): insecure

Type Checking: Function Calls

    A |- arg1: secure  ...  A |- argn: secure
    ------------------------------------------- [secure-fun]
    A |- fun(arg1, ..., argn): secure

    A |- arg1: insecure  ...  A |- argn: insecure
    A |- fun is allowed
    ----------------------------------------------- [insecure-fun]
    A |- fun(arg1, ..., argn): insecure

Environment Updating Rules

    var = Expression
    ---------------------------------------------------- [assign]
    A {var = Expression} A[var typeof(A, Expression)]

Also:
• [if-else] rule
• [while] rule
• [for] rule

If-Else Rule

    # z: insecure
    if z < 1:
        x = "Hello!"    # x: secure
    else:
        x = z           # x: insecure

Is x secure or insecure after this statement?

    A {S1} A1    A {S2} A2
    ---------------------------------- [if-else]
    A {if exp1: S1 else: S2} A1 A2

What is A1 A2?
(A1 A2) |- var: secure iff A1 |- var: secure and A2 |- var: secure
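
The rules on the preceding slides, as an added example (not Tabasco's code, which is built with Lex + Yacc): a minimal checker written on Python 3.9+'s ast module. It assumes os.system is the only function in the policy, treats an expression or call as insecure when any operand or argument is insecure, treats unknown variables as insecure, and handles only assignments, expression statements and if/else.

```python
import ast

SECURE, INSECURE = "secure", "insecure"
SOURCES = {"raw_input"}  # [input]: calls whose result is insecure
POLICY = {"os.system"}   # assumed user policy: insecure function calls

def typeof(env, node):
    if isinstance(node, ast.Constant):                    # [literal]
        return SECURE
    if isinstance(node, ast.Name):                        # unknown names: insecure
        return env.get(node.id, INSECURE)
    if isinstance(node, ast.Call) and ast.unparse(node.func) in SOURCES:
        return INSECURE                                   # [input]
    # [expr] and call rules: insecure if any operand/argument is insecure
    parts = node.args if isinstance(node, ast.Call) else [
        c for c in ast.iter_child_nodes(node) if isinstance(c, ast.expr)]
    return INSECURE if any(typeof(env, p) == INSECURE for p in parts) else SECURE

def check(stmts, env, report):
    for s in stmts:
        top = s.test if isinstance(s, ast.If) else s      # branches are checked below
        for n in ast.walk(top):                           # policy violations
            if (isinstance(n, ast.Call) and ast.unparse(n.func) in POLICY
                    and any(typeof(env, a) == INSECURE for a in n.args)):
                report.append((n.lineno, ast.unparse(n.func)))
        if isinstance(s, ast.If):             # [if-else]: secure iff secure in both
            a1 = check(s.body, dict(env), report)
            a2 = check(s.orelse, dict(env), report)
            env = {v: SECURE if a1.get(v) == a2.get(v) == SECURE else INSECURE
                   for v in a1.keys() | a2.keys()}
        elif isinstance(s, ast.Assign):                   # [assign]
            t = typeof(env, s.value)
            env.update({x.id: t for x in s.targets if isinstance(x, ast.Name)})
    return env

def analyze(source):
    report = []
    check(ast.parse(source).body, {}, report)
    return report

# Constructed input combining the deck's two snippets (only parsed, never run).
SAMPLE = '''\
name = raw_input("Please enter your first name: ")
if name < 1:
    x = "Hello!"
else:
    x = '/bin/echo ' + name
os.system(x)
os.system("/bin/date")'''
print(analyze(SAMPLE))  # [(6, 'os.system')]
```

The call on line 6 is reported because x is insecure in one branch; the literal-only call on line 7 is not.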

Implementation

• Lex + Yacc
• Use symbol table to keep track of variables and their security information
• Construct parse trees to propagate security information

Implementation (cont)

[Figure: parse tree for the statement cmd = 'bin/echo' + name, with stmt, expr and term nodes, annotated with the assign rule and the expr rule]

Evaluation

• Our Goal
  – Tested against many simple programs
  – All succeeded
• Real World
  – Not yet
  – Need complete grammar

Conclusion

• Succeeded in meeting our design goals (Standalone, Flexible, Conservative)
• Can be used to help programmers find potential security flaws
• Can be used to help train programmers to be more aware of security threats.

Make programming SPICY!