2011-02-16 Security-oriented Program Transformations (Or How to Add Security On Demand), Munawar Hafiz
Security-oriented Program Transformations (Or How to Add Security On Demand)
Speaker: Munawar Hafiz
Wednesday, February 16, 2011
5:30 pm - 6:30 pm (Social Hour / Pizza Provided)
6:30 pm Presentation
Security experts generally believe that, “security cannot be added on, it must be designed from the beginning.” My work shows that retrofitting security does not need to be a massive reengineering effort, nor does it need to be ad hoc.
Security solutions can be added through systematic, general purpose security-oriented program transformations. I have been maintaining a catalog of security-oriented program transformations; so far the catalog contains thirty seven transformations. In this talk, I will describe a few program transformations from the catalog. However, my talk is not so much about any of the specific examples as it is about program transformations in general. These transformations improve the traditional approaches of security engineering and keep software secure in the face of new security threats.
Security-oriented program transformations are not silver bullets; using them requires skill and knowledge of the program being transformed. They are instead power tools that make it easier to add security to existing systems replacing the point solution of a typical patch with a more systematic removal of a vulnerability. When appropriate tools are built and the program transformations are easy enough to apply, then they will allow a software developer to add ‘security on demand’.
Munawar Hafiz is a postdoctoral research associate at University of Illinois at Urbana-Champaign (UIUC). His research interests are software architecture and design, software patterns, program transformations and security. He is currently working on integrating program analysis and program transformation technologies to create a clean and decoupled architecture for building security-oriented program transformation tools for C/C++. He is collaborating with research groups interested in building other transformations for C/C++, especially transformations to enable parallelism. He received his MS in computer science from UIUC and his B.Sc. Engg degree in computer science and engineering from Bangladesh University of Engineering and Technology (BUET).
Subscribe to the Chicago Chapter ACM e-mail list