Security and Software Engineering

Software systems are permeating every facet of our society, making security breaches costlier than ever before. At the same time, as software systems grow in complexity, so does the difficulty of ensuring their security. As a result, the problem of securing software, in particular software that controls critical infrastructure, is growing in prominence. The software engineering community has developed numerous approaches for promoting and ensuring the security of software. In fact, many security vulnerabilities are effectively avoidable through proper application of well-established software engineering principles and techniques. In this chapter, we first provide an introduction to the principles and concepts of software security from the standpoint of software engineering. We then provide an overview of four categories of approaches for achieving security in software systems, namely static analysis, dynamic analysis, formal methods, and adaptive mechanisms. We introduce the seminal work from each area and intuitively demonstrate its application on several examples. We also enumerate the strengths and shortcomings of each approach to help software engineers make informed decisions when applying these approaches in their projects. Finally, the chapter provides an overview of the major research challenges for each approach, which we hope will shape future research efforts in this area.
