DrDobbs Portal Blog: Plugging Security Holes with Resin
EDITOR'S EYE

The World of Software Development.

by Jon Erickson
October 14, 2009

Plugging Security Holes with Resin


Intruders are relentless, probing websites for security holes over and over. Programmers can perform security checks, but what's the point if you plug 100 holes and still miss one or two? That is where "Resin," an automatic security checker developed by researchers at MIT, comes into play.

Resin is a runtime that helps prevent security vulnerabilities by letting programmers specify application-level data flow assertions. Developed by Nickolai Zeldovich, an assistant professor in MIT's Computer Science and Artificial Intelligence Lab, grad students Alexander Yip and Xi Wang, and Professor Frans Kaashoek, Resin checks data-flow assertions by propagating policy objects along with data, then invoking filter objects when data crosses a data-flow boundary, such as when writing data to the network or a file. In other words, it's checking the data instead of the code. Attempts to access the data invoke the checker.
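The mechanism described above, as an added sketch that is not Resin's code or API: a policy object travels with a string through concatenation, and a filter at an output boundary runs every attached policy before the data leaves. All class and method names, the sample password and the addresses are hypothetical and constructed for illustration.

```python
# Added illustration of policy propagation and boundary filters.
# Every name here is hypothetical; this is not Resin's own API.

class PolicyViolation(Exception):
    pass

class PasswordPolicy:
    """Assertion: this data may only flow to its owner's e-mail address."""
    def __init__(self, owner_email):
        self.owner_email = owner_email
    def export_check(self, context):
        if context.get("type") == "email" and context.get("to") == self.owner_email:
            return
        raise PolicyViolation(f"password may not flow to {context}")

class Tracked(str):
    """A string that carries policy objects along with its characters."""
    def __new__(cls, value, policies=()):
        obj = super().__new__(cls, value)
        obj.policies = frozenset(policies)
        return obj
    def __add__(self, other):
        # Merge the policies of both operands into the result.
        merged = self.policies | getattr(other, "policies", frozenset())
        return Tracked(str.__add__(self, other), merged)
    def __radd__(self, other):
        # Plain str on the left, tracked data on the right.
        return Tracked(str.__add__(other, self), self.policies)

class Boundary:
    """Filter object guarding a data-flow boundary (network, file, ...)."""
    def __init__(self, **context):
        self.context = context
        self.sent = []
    def write(self, data):
        for policy in getattr(data, "policies", ()):
            policy.export_check(self.context)  # raises on a forbidden flow
        self.sent.append(str(data))

def demo():
    secret = Tracked("hunter2", [PasswordPolicy("alice@example.org")])
    message = "Your password is " + secret + "\n"  # policy survives concatenation
    Boundary(type="email", to="alice@example.org").write(message)  # allowed flow
    try:
        Boundary(type="http", user="mallory").write(message)
        return "leaked"
    except PolicyViolation:
        return "blocked"

if __name__ == "__main__":
    print(demo())
```

This sketch only tracks concatenation; slicing, formatting and library calls would return plain strings and silently drop the policy, which is the propagation work a runtime has to take on.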

To test Resin, the team modified 12 existing applications written in Python and PHP so that they used the Resin system. The modified applications fended off attacks that exploited known security holes, too.

The PHP prototype involved 5,944 lines of code, with the largest module handling SQL parsing and translation mechanisms at about 2,600 lines. The core data structures and related functions are about 1,100 lines. Most of the remaining 2,200 lines involve propagating and merging policy objects. The Python prototype is only 681 lines of code because it doesn't implement all Resin features, and does not have character-level tracking, persistent policy storage in SQL databases, and Apache static file support. Plus Python uses fewer C libraries, thereby requiring less propagation code. All in all, the prototypes incur a 33% CPU overhead.

-- Jonathan Erickson
jerickson@ddj.com

Posted by Jon Erickson at 11:19 AM