LaBaSec: Language-based Security

Luciano Bello, Marco Pistoia

LaBaSec: Language-based Security - overview

Language-Based Security is the area of research that studies how to enforce application-level security using programming-language and program-analysis techniques. LaBaSec is the Language-Based Security project at the IBM T. J. Watson Research Center. The purpose of LaBaSec is to automate the detection of access-control and information-flow vulnerabilities in software caused by coding malpractice or security-policy misconfigurations, to study the design and implementation of secure programming languages, to promote the correct usage of security Application Programming Interfaces (APIs), and to enforce Digital Rights Management (DRM).

Software security has traditionally been enforced at the level of operating systems. However, operating systems have become increasingly large and complex, making it very difficult, if not impossible, to enforce software security solely through them. Moreover, operating-system security deals primarily with access-control policies on resources such as files and network connections, while attacks may happen at both lower and higher levels of abstraction, and may target the internal behavior of applications. Therefore, defenses must also offer protection at the level of applications. LaBaSec focuses on the following areas:
  • Building program analysis tools for automatic identification of access-control and information-flow violations. Many common security flaws can be discovered through static analysis of software code and artifacts. The code of a program can either be in source or binary format. The software artifacts associated with a program may include policy databases, configuration files, deployment descriptors and other metadata that describes the program and its intended operation or security characteristics. Analyzing a program statically may require simultaneously analyzing the code of the program as well as the artifacts associated with it. As part of the LaBaSec project, we have developed a set of static-analysis tools based on the T. J. Watson Library for Analysis (WALA) framework. These tools automate the discovery of information-flow problems, such as integrity and confidentiality violations, as well as access-control-policy misconfigurations.
  • Designing and implementing new programming languages that incorporate security features for better definition and enforcement of access-control and information-flow policies. New programming languages designed with security in mind embed support for security features, such as definition, tracking and enforcement of information-flow and access-control policies.
  • Building static-analysis tools to enforce correct usage of security APIs. Modern run-time environments, such as the Java Runtime, the Microsoft .NET Common Language Runtime (CLR) and PHP, offer a number of security APIs for cryptography, access control and information flow. Unfortunately, these APIs are often difficult to use and not well documented. Misusing a security API is something that a compiler or a run-time interpreter will not necessarily catch, and it can expose a program to serious security holes. As part of the SAFE project, we have designed and developed a number of static-analysis tools that can automatically infer the specification of a library and also detect whether a given specification has been violated. This work has resulted in several conference and journal publications, which have led to two ACM SIGSOFT Distinguished Paper Awards, in 2007 and 2008 respectively.
  • Transparently enforcing Digital Rights Management. In the past few years, a number of DRM products have been designed and created that attempt to address the issue of licensing and controlling the distribution of digital content. In general, the consumer of the digital content is required to install a customized client-side DRM-enabled player. Such a player verifies and enforces the digital rights that a user has acquired. This approach is somewhat limited, since it requires the installation of DRM-enabled players on the client system. It is also necessary to provide a different player for every media format (HTML, MPEG, AVI, WAV, etc.), as well as a version of the player for every target client operating environment. We have designed and implemented a lightweight and portable solution that does not require specialized players. In our solution, DRM is enforced at a lower level. For example, for Java players, DRM is enforced by a DRM-enabled Java Virtual Machine (JVM), and for browser plugins, DRM is enforced by the browser itself.
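The first and third areas above both rest on the same idea: a static analysis that propagates security labels through a program and reports when labelled data reaches a call that must not receive it (an integrity violation when untrusted input reaches a sensitive sink, a confidentiality violation when secret data reaches a public sink), with a library specification saying which calls are sources, sanitizers and sinks. The following is an added example written for this page, not LaBaSec, SAFE or WALA code: a deliberately small label-flow analysis over a straight-line three-address program, with a hypothetical source/sanitizer/sink table and a constructed program standing in for the real library specification and the real code being analyzed. It omits control flow, aliasing and inter-procedural analysis, which the real tools must handle.

```python
"""Tiny static information-flow (taint) analysis over a straight-line
three-address program.  Each variable carries a set of security labels;
labels flow from call arguments to results, are introduced by sources,
stripped by sanitizers, and checked at sinks.  The program and the
source/sanitizer/sink tables are constructed for this example."""

from dataclasses import dataclass

UNTRUSTED = "untrusted"  # integrity label: attacker-controllable data
SECRET = "secret"        # confidentiality label: data that must not leak

# Hypothetical library specification (an assumption made for this example).
SOURCES = {"read_request_param": {UNTRUSTED}, "read_db_password": {SECRET}}
SANITIZERS = {"escape_sql": {UNTRUSTED}, "sha256_hex": {SECRET}}
SINKS = {"exec_sql": {UNTRUSTED}, "log_public": {SECRET}}


@dataclass(frozen=True)
class Violation:
    line: int            # 1-based index of the offending sink call
    sink: str            # sink that received labelled data
    label: str           # which policy (integrity/confidentiality) was broken
    sources: frozenset   # "call@line" descriptions of where the label came from


def is_literal(arg: str) -> bool:
    """String literals are written with a leading double quote; they carry no labels."""
    return arg.startswith('"')


def analyze(program):
    """program: list of (dst, call, args); dst is None when the result is unused.
    Returns (violations, env); env maps each variable to {label: origins}."""
    env = {}
    violations = []
    for line, (dst, call, args) in enumerate(program, start=1):
        labels = {}  # label -> set of "call@line" origins, merged over all arguments
        for a in args:
            if is_literal(a):
                continue
            if a not in env:
                raise ValueError(f"line {line}: use of undefined variable {a!r}")
            for label, origins in env[a].items():
                labels.setdefault(label, set()).update(origins)
        # Sink check uses the labels as passed, before any sanitisation by the call.
        for label in sorted(SINKS.get(call, set()) & set(labels)):
            violations.append(Violation(line, call, label, frozenset(labels[label])))
        # Result labels: propagate from arguments, add source labels, drop sanitised ones.
        for label in SOURCES.get(call, set()):
            labels.setdefault(label, set()).add(f"{call}@{line}")
        for label in SANITIZERS.get(call, set()):
            labels.pop(label, None)
        if dst is not None:
            env[dst] = labels
    return violations, env


def report(violations):
    """Human-readable findings, one line per violation."""
    return [f"line {v.line}: {v.label} data reaches {v.sink} "
            f"(from {', '.join(sorted(v.sources))})" for v in violations]


# Constructed program under analysis: (destination, call, arguments).
PROGRAM = [
    ("user", "read_request_param", ['"user"']),                            # 1: untrusted source
    ("pw",   "read_db_password",   []),                                    # 2: secret source
    ("q1",   "concat", ['"SELECT * FROM t WHERE u=\'"', "user", '"\'"']),  # 3: labels flow through
    (None,   "exec_sql", ["q1"]),                                          # 4: integrity violation
    ("safe", "escape_sql", ["user"]),                                      # 5: sanitiser strips UNTRUSTED
    ("q2",   "concat", ['"SELECT * FROM t WHERE u=\'"', "safe", '"\'"']),  # 6
    (None,   "exec_sql", ["q2"]),                                          # 7: clean
    (None,   "log_public", ["pw"]),                                        # 8: confidentiality violation
    ("h",    "sha256_hex", ["pw"]),                                        # 9: declassification (policy assumption)
    (None,   "log_public", ["h"]),                                         # 10: clean
]

if __name__ == "__main__":
    found, _ = analyze(PROGRAM)
    print("\n".join(report(found)))
```

Two design points carry over to real tools. The sink check is made on the labels as they arrive, so a call that is both a sanitizer and a sink is still checked on its input; and each label keeps the set of source calls that introduced it, so a finding can be explained as a path from source to sink rather than just a flag on a variable. Whether `sha256_hex` really removes the `secret` label is a policy decision encoded in the specification table, which is exactly the kind of library specification the SAFE tools aim to infer or verify.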

This Web site describes the work that we have conducted in these areas.