The seminar tries to uncover the basic principles of secure software and secure systems. This will include all levels of software starting with operating systems, languages, frameworks for security and finally application architecture and usability. The following lists technologies and concepts for secure software and systems.
An overview of current problems with secure systems.
Grammar, languages, application design, end-to-end dangers of multiple decodings
Liveness, Isolation, Authority, Effects, Predictability
Extension problem, privilege modes, closed processes and inversion of control principle. Hardware-less isolation. Call propagation and small surfaces, concurrency algorithms and race conditions , virtulization in software architecture. Singularity and correct installations. Closed processes vs. loader isolation - the problem of devices and environment.
Privileged mode as a design problem. Software design impact of sandboxes. Confused deputy reasons. Avoidable? Memory safety, performance considerations. Liveness. Closures for privileged operations. Type safety and dynamic languages (guards). Sandbox design and implications. Stack-walk. Threads and security context.
The role of infrastructure security. Secure code problems across software architectures (ending with event-driven systems). Patterns for security as an aspect. end-to-end considerations (where to place checks).
Application Server Security
Framework-Architectures in application servers. Hardening software. Global directories. Subject Delegation techniques
Namespace isolation with class-loader techniques
Object based security - a form of capability use?
Functional languages and closures, object capabilities, security modules and patterns. Microarchitecture (assignment etc.) anti-patterns (global, ambient), states and pairwise methods in software. Aspects?
From failures to software architecture defects. Hobbles and patches. Tainting in software.
Ideas for a new browser architecture without ambient authority. Software patterns for secure delegation of authority. Powerbox and isolation. Object Capabilities in virtual reality.
Ideas for new User Interfaces for systems without ambient authority. No secure software through admonition. Intentions and abstractions. Why address is a system object.
ACLs and the halting problem. Modelling of take/grant systems. Model-checking and logic. Liveness vs. correctness.
Read paper for next session
Use knowledge from paper to discuss and enhance the problem case in the next session.
Pick one topic which was fascinating and write a 10 page pager on it
Galen Hunt, Mark Aiken et.al., Sealing OS Processes to Improve Dependability and Safety
Tobin Murray, Gavin Lowe, Authority Analysis for Least Privilege Environments
Fabian Nilius, Das gefürchtete Lambda-Kalkül - eine Einführung
Mark Miller, Strong Composition (diss.)
Fred Spiessens, Patterns of Collaboration (diss.)
Emmanuel Bernard, JSR 303 Bean Validation Specification, Interview on the new validation framework (technology-independent, i18n-enabled, contraint-processing framework)