
STAR*Lab Computational Security Attributes

Engineering Automation for Software Security Analysis

Principal Investigator: Gwendolyn Walton

Problem Addressed

Security strategies must be sufficiently dynamic to keep pace with organizational and technical change. However, in the current state of practice, security properties of software systems are often assessed through labor-intensive human evaluation. The results can be of limited value in the dynamics of system operation where threat environments and security attributes can change quickly. The Computational Security Attributes project takes a fundamentally different approach, focusing on the question “What can be computed with respect to security attributes?” to develop theory-based foundations for defining and computing attribute values with mathematical precision [1].

The ultimate goal of the project is to provide foundations to help transform security engineering into a theory-based computational discipline. Achieving this goal will require development of mathematical foundations and corresponding automation to permit both rigorous evaluation and improvement of security attributes of software during development and real-time evaluation of security performance during operation.

Research Approach

The problem of determining the security properties of programs comes down in large measure to the question of how they behave when invoked with stimuli intended to cause harmful outcomes. Thus, the first step in security analysis is to understand program behavior at a level of completeness and correctness that is generally impractical with current technology. The emergence of STAR*Lab’s new function extraction (FX) technology, unavailable to previous researchers, provides the basis for this critical first step by computing the functional behavior of programs as a starting point for security analysis. The foundations of FX treat programs as rules for mathematical functions or relations that can be computed from program logic. These foundations can be generalized to accommodate what are often termed non-functional properties, in this case security properties, but which in reality exhibit functional characteristics amenable to computational approaches [2].

Automated evaluation of software security attributes consists of three major steps:

  1. Specify security attributes in terms of required functional behavior for the operational environment of the software.
  2. Apply FX technology to the software to compute a behavior database that specifies its as-built functional behavior.
  3. Perform computational analysis to verify that the behavior is correct with respect to required security attribute behavior.

The properties analyzed in the project include authentication, authorization, non-repudiation, confidentiality, privacy, and integrity.
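The three steps above, as an added illustration that is not the project's FX system or any CERT code: a constructed toy access-control routine is written as a list of guarded assignments, its as-built function is composed from the program logic into one conditional rule (step 2, a stand-in for FX over a finite Boolean input domain), and an authorization attribute stated as required behavior (step 1) is checked against that rule (step 3). The program, its deliberate flaw (an `admin` flag that bypasses authentication), and the `authz_requirement` predicate are all assumptions made for this example.

```python
from itertools import product

# Toy program: guarded assignments ("if guard: var = value") executed in order.
# Constructed for this example; the 'admin' rule is the deliberate flaw.
PROGRAM = [
    (None,              "access", "denied"),
    ("resource_public", "access", "granted"),
    ("authenticated",   "access", "granted"),
    ("admin",           "access", "granted"),   # bypasses the authentication check
]
INPUTS = ("authenticated", "admin", "resource_public")

def extract_function(program):
    """Step 2 analogue: compose the statements into one conditional rule per
    assigned variable without executing the program. A rule is either a plain
    value or a nested ('ite', guard, then_rule, else_rule) tuple."""
    rules = {}
    for guard, var, value in program:
        prev = rules.get(var)          # behaviour assigned so far (None if unassigned)
        rules[var] = value if guard is None else ("ite", guard, value, prev)
    return rules

def evaluate(rule, env):
    """Evaluate a composed rule under one concrete input assignment."""
    if isinstance(rule, tuple):
        _, guard, then_rule, else_rule = rule
        return evaluate(then_rule if env[guard] else else_rule, env)
    return rule

def authz_requirement(env, out):
    """Step 1 analogue: authorization as required functional behaviour.
    Non-public resources may be granted only to authenticated principals."""
    if not env["resource_public"] and not env["authenticated"]:
        return out["access"] == "denied"
    return True

def check_attribute(rules, requirement):
    """Step 3 analogue: check the requirement against the computed behaviour
    for every input assignment; return the violating (inputs, outputs) rows."""
    violations = []
    for bits in product((False, True), repeat=len(INPUTS)):
        env = dict(zip(INPUTS, bits))
        out = {var: evaluate(rule, env) for var, rule in rules.items()}
        if not requirement(env, out):
            violations.append((env, out))
    return violations

def find_violations():
    return check_attribute(extract_function(PROGRAM), authz_requirement)
```

Running `find_violations()` reports the single input assignment (unauthenticated, admin flag set, non-public resource) on which the composed rule yields `granted`, which is exactly the attribute violation the specification rules out.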

Expected Benefits

There are several advantages to this approach:

  • A rigorous method is used to specify security attributes in terms of the actual behavior of code during execution.
  • The security properties of code can be checked through analysis of computed behavior.
  • The specified security behaviors provide requirements for a security architecture.
  • Vulnerabilities can be better understood, making it easier to address evolution of code and its usage environment.
  • The use of constraints provides a mechanism for explicitly defining all assumptions.

Computational security attribute technology can address specification of security attributes of software systems before they are built, specification and evaluation of security attributes of acquired software, verification of as-built security attributes of software, and real-time evaluation of security attributes during system operation.

2007 Accomplishments

The evolving FX system was employed to demonstrate detection of security attribute violations involving the presence of malware embedded in software.

2008 Plans

Interested organizations are invited to sponsor development of FX-based engineering tools for computational evaluation of security attributes.

References

[1] Linger, R.; Pleszkoch, M.; Walton, G.; & Hevner, A. Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development (CMU/SEI-2002-TN-019). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2002. http://www.sei.cmu.edu/library/abstracts/reports/02tn019.cfm.

[2] Walton, G.; Longstaff, T.; & Linger, R. Technology Foundations for Computational Evaluation of Software Security Attributes (CMU/SEI-2006-TR-021). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06tr021.cfm.


Last updated May 9, 2007