Retrofitting for Security: Design and Implementation Tools for Security

Background

There is a famous tenet in computer security that a secure system must be designed for security. That is, to build a secure system, security must be a core goal of the design and implementation from the start of the project to its end.

This goal has always been a challenge to meet. In almost all systems, the focus is functionality: a system is designed to provide a useful function to its users. Once that function is satisfied, attention moves to other issues, such as performance and usability, that users see more directly. Security issues are often addressed late in the process, and many times only after the system has been in useful service for some time, via patches. Only rarely does a system undergo a significant modification for security, such as the construction of a privilege-separated version of OpenSSH.

It is important to note that even the few systems that were designed for security often have trouble maintaining their protections after they are deployed. For example, the Multics operating system is considered to be a system for which security was a main design objective, but as Karger and Schell note in their vulnerability analysis, modifications made to improve usability once Multics was delivered resulted in significant security flaws. Even if one designs for security, maintaining a secure design is difficult.

Research

In this project, we aim to build tools that enable security features to be added to existing programs. We take two approaches: (1) we analyze the existing program to determine where to add security function (akin to aspect-oriented programming), and (2) we convert programs written in ordinary languages into programs in security-typed languages.

Research in the first area focuses on automatically deriving reference monitor interfaces (the set of hook placements) and reference monitor implementations. This work is integrated with the Linux Security Modules (LSM) hook framework on which the SELinux reference monitor is built. Research in the second area aims to convert Java programs into valid Jif programs, so that the compiler's information-flow checks can be applied to code that was never written with labels in mind.
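To make the first approach concrete, here is an added example (written for this page; it is not the project's own tool or code) of what retrofitting a reference monitor onto legacy code looks like once the placement question has been answered. A toy "file server" exposes a resource whose field accesses are the security-sensitive operations; the legacy functions touch those fields with no mediation, and the retrofitted versions place a single authorization hook at the operation itself rather than at each caller, so that any caller added later is still mediated. A small counter records whether each sensitive operation was preceded by an authorization decision, which gives a runtime check for the complete-mediation property the static placement analysis is meant to guarantee. The `Resource`/`Subject` types, the policy in `authorize`, and all function names are hypothetical.

```c
/* Added example: a toy reference monitor retrofitted onto legacy code.
 * Not the project's code; all types, names and the policy are invented. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical object and subject types. */
typedef struct { const char *owner; int mode; char data[64]; } Resource;
typedef struct { const char *name; int is_admin; } Subject;

/* Security-sensitive operations: the distinct ways code touches a
 * Resource's fields (what the analysis would mine from legacy code). */
typedef enum { OP_READ, OP_WRITE, OP_CHMOD } Operation;

/* Mediation accounting for a complete-mediation check: every sensitive
 * operation should be preceded by an authorization decision. */
static struct { int sensitive; int mediated; } stats;
static int pending_auth = 0;   /* set by the hook, consumed by the op */

/* The reference monitor interface: one hook, one decision (1 = allow). */
static int authorize(const Subject *s, const Resource *r, Operation op)
{
    int owner = strcmp(s->name, r->owner) == 0;
    int ok = 0;
    switch (op) {
    case OP_READ:  ok = (r->mode & 4) || owner || s->is_admin; break;
    case OP_WRITE: ok = (r->mode & 2) || owner || s->is_admin; break;
    case OP_CHMOD: ok = s->is_admin; break;
    }
    if (ok) pending_auth = 1;
    return ok;
}

/* Every sensitive field access is funnelled through here and records
 * whether an authorization decision was made for it. */
static void sensitive_op(void)
{
    stats.sensitive++;
    if (pending_auth) { stats.mediated++; pending_auth = 0; }
}

static void set_data(Resource *r, const char *s)
{
    strncpy(r->data, s, sizeof r->data - 1);
    r->data[sizeof r->data - 1] = '\0';
}

/* "Before": legacy operations with no mediation at all. */
void legacy_write(Resource *r, const char *s) { sensitive_op(); set_data(r, s); }
void legacy_chmod(Resource *r, int mode)      { sensitive_op(); r->mode = mode; }

/* "After": the hook sits at the operation, not at the call site, so every
 * caller is mediated. Each returns 0 on success, -1 if denied. */
int rm_write(const Subject *s, Resource *r, const char *str)
{
    if (!authorize(s, r, OP_WRITE)) return -1;
    sensitive_op(); set_data(r, str);
    return 0;
}
int rm_chmod(const Subject *s, Resource *r, int mode)
{
    if (!authorize(s, r, OP_CHMOD)) return -1;
    sensitive_op(); r->mode = mode;
    return 0;
}
int rm_read(const Subject *s, const Resource *r, char *out, size_t n)
{
    if (!authorize(s, r, OP_READ)) return -1;
    sensitive_op(); strncpy(out, r->data, n - 1); out[n - 1] = '\0';
    return 0;
}

int unmediated_ops(void) { return stats.sensitive - stats.mediated; }
void reset_stats(void)   { stats.sensitive = stats.mediated = 0; pending_auth = 0; }

/* Legacy scenario: two sensitive operations, none mediated. */
int run_legacy(void)
{
    Resource r = { "alice", 6, "" };
    reset_stats();
    legacy_write(&r, "hello");
    legacy_chmod(&r, 0);
    return unmediated_ops();
}

/* Retrofitted scenario: returns the unmediated count, reports denials. */
int run_retrofitted(int *denials)
{
    Resource r = { "alice", 6, "" };
    Subject alice = { "alice", 0 }, bob = { "bob", 0 }, root = { "root", 1 };
    char buf[64];
    reset_stats();
    *denials = 0;
    if (rm_write(&alice, &r, "hello") < 0) (*denials)++;   /* allowed: owner */
    if (rm_chmod(&bob, &r, 0) < 0)         (*denials)++;   /* denied: not admin */
    if (rm_chmod(&root, &r, 0) < 0)        (*denials)++;   /* allowed: admin */
    if (rm_read(&bob, &r, buf, sizeof buf) < 0)   (*denials)++; /* denied: mode 0 */
    if (rm_read(&alice, &r, buf, sizeof buf) < 0) (*denials)++; /* allowed: owner */
    return unmediated_ops();
}
int retrofitted_unmediated(void) { int d; return run_retrofitted(&d); }
int retrofitted_denials(void)    { int d; run_retrofitted(&d); return d; }

int main(void)
{
    int d;
    printf("legacy: %d unmediated operations\n", run_legacy());
    printf("retrofitted: %d unmediated, %d denied\n", run_retrofitted(&d), d);
    return 0;
}
```

The counter is deliberately simple: an allow decision that is never followed by the operation leaves `pending_auth` set, so a real check would tie each decision to a specific object and operation rather than a global flag. What the example does show is the placement choice that matters in practice: because `authorize` is called inside `rm_write`/`rm_chmod`/`rm_read`, there is no way to reach the field access without passing the hook, which is the property the hook-placement analysis in the papers below establishes statically for the LSM hooks.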

Publications

Dave King, Somesh Jha, and Trent Jaeger. Effective Blame for Information Flow Violations. Technical Report NAS-0069-2007, Network and Security Research Center, The Pennsylvania State University. May 2007.

Vinod Ganapathy, Dave King, Trent Jaeger, and Somesh Jha. Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis. In Proceedings of the 29th International Conference on Software Engineering. May 2007.

Vinod Ganapathy, Trent Jaeger, and Somesh Jha. Retrofitting Legacy Code for Authorization Policy Enforcement. In Proceedings of the 2006 IEEE Symposium on Security and Privacy. May 2006.

Vinod Ganapathy, Trent Jaeger, and Somesh Jha. Automatic Placement of Authorization Hooks in the Linux Security Modules Framework. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS). November 2005.

Acknowledgements

This is joint work with the University of Wisconsin-Madison, in particular Professor Somesh Jha and Vinod Ganapathy.

Back to Trent Jaeger's Home Page | CSE Department | Pennsylvania State University