Secure Software - The foundation of secure systems

The seminar tries to uncover the basic principles of secure software and secure systems. This will include all levels of software starting with operating systems, languages, frameworks for security and finally application architecture and usability. The following lists technologies and concepts for secure software and systems.

Secure Software

An overview of current problems with secure systems.

Secure Software and Safety

Secure Software and Safety in ppt format

Input Validation, filtering and damage control from a theoretical point of view

Grammar, languages, application design, end-to-end dangers of multiple decodings

Attacks, Mitigation and Damage Control - examples and theory

Attacks, Mitigation and Damage Control - examples and theory in ppt format

Basics of secure software and systems

Liveness, Isolation, Authority, Effects, Predictability

Platform Security

Extension problem, privilege modes, closed processes and inversion of control principle. Hardware-less isolation. Call propagation and small surfaces, concurrency algorithms and race conditions, virtualization in software architecture. Singularity and correct installations. Closed processes vs. loader isolation - the problem of devices and environment.

Slides on Platform Security

Slides on Platform Security in ppt format

Java Language Security

Privileged mode as a design problem. Software design impact of sandboxes. Confused deputy reasons. Avoidable? Memory safety, performance considerations. Liveness. Closures for privileged operations. Type safety and dynamic languages (guards). Sandbox design and implications. Stack-walk. Threads and security context.

Enterprise Security

The role of infrastructure security. Secure code problems across software architectures (ending with event-driven systems). Patterns for security as an aspect. End-to-end considerations (where to place checks).

Application Server Security

Framework architectures in application servers. Hardening software. Global directories. Subject delegation techniques.

Namespace isolation with class-loader techniques

Web-Service Security

Object based security - a form of capability use?

Mechanisms for secure software construction

Functional languages and closures, object capabilities, security modules and patterns. Microarchitecture (assignment etc.) anti-patterns (global, ambient), states and pairwise methods in software. Aspects?

Failure Analysis

From failures to software architecture defects. Hobbles and patches. Tainting in software.

Secure Application Architecture

Ideas for a new browser architecture without ambient authority. Software patterns for secure delegation of authority. Powerbox and isolation. Object Capabilities in virtual reality.

Usability and Security

Ideas for new User Interfaces for systems without ambient authority. No secure software through admonition. Intentions and abstractions. Why address is a system object.

Formal Approaches for secure software

ACLs and the halting problem. Modelling of take/grant systems. Model-checking and logic. Liveness vs. correctness.

To-do list

  1. Read paper for next session

  2. Use knowledge from paper to discuss and enhance the problem case in the next session.

  3. Pick one topic which was fascinating and write a 10 page paper on it


  1. Martin Scheffler, Object-Capability Security in Virtual Environments, Short paper for VR2008 Diploma thesis

  2. Galen Hunt, Mark Aiken, Sealing OS Processes to Improve Dependability and Safety

  3. Tobin Murray, Gavin Lowe, Authority Analysis for Least Privilege Environments

  4. Fabian Nilius, Das gefürchtete Lambda-Kalkül - eine Einführung (The dreaded lambda calculus - an introduction)

  5. Mark Miller, Strong Composition (diss.)

  6. Fred Spiessens, Patterns of Collaboration (diss.)

  7. Object Capability Micro Kernel OKL4 and seL4

  8. Emmanuel Bernard, JSR 303 Bean Validation Specification, Interview on the new validation framework (technology-independent, i18n-enabled, constraint-processing framework)

Paper Ideas

  1. Security Aspects of IoC Architectures and Virtualization

  2. Namespace isolation with class loaders and their problems

  3. Privilege Mode Interfaces as a software design challenge

  4. A new browser security architecture in software

  5. Reachability Analysis in software

  6. An overview of authority reduction and control concepts

  7. Type safety in dynamic languages

  8. Applying the concept of tainting to browser security

  9. New security and safety abstractions for usable and secure systems

  10. Initial Rights and access to the environment: a problem for capability systems?

  11. New security building blocks for restricted authority

  12. The use of closures for secure software

  13. Virtualization architectures for classic software problems like multi-client applications.

  14. How to build secure extension frameworks - or how to avoid the Windows/IE/Firefox trap.

  15. Model-checking approaches for liveness problems.

  16. Security Analysis of a real software product.

  17. Classic concurrency techniques - examples for bad and insecure software?

  18. A conceptual framework for high-level representations of legal constructs in software (contract, ticket, power-of-attorney)

  19. Security in dynamic languages - ideas for Smalltalk etc. Is flexibility the same as unsafety? Is there a problem with sealed processes (Microsoft Singularity)?

  20. Confused deputy or separating designation and authority - remedies for open(Filename)?

  21. Model of a secure software update process that respects user expectations and avoids ambient authority

  22. You name it!

  23. Secure micro kernel architectures like OKL4 and seL4