Automating Security Mediation Placement
Abstract
We present a framework that automatically produces suggestions to resolve type errors in security-typed programs, enabling legacy code to be retrofitted with comprehensive security policy mediation. Resolving such type errors requires selecting a placement of mediation statements that implement runtime security decisions, such as declassifiers and authorization checks. Manually placing mediation statements in legacy code can be difficult, because a program may contain several interacting type errors, and a placement that resolves one can change which placements resolve the others. In this paper, we solve this problem by constructing a graph with the property that a vertex cut corresponds exactly to a set of program points at which mediation statements can be inserted so that the program satisfies the type system. We build a framework that produces suggestions that are minimum cuts of this graph, and the framework can be customized to find suggestions that satisfy programmer requirements. Our framework implementation for Java programs computes suggestions for 20,000 line programs in less than 100 seconds, reduces the number of locations a programmer must consider by 90%, and selects suggestions similar to those proposed by expert programmers 80% of the time.
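The abstract does not spell out how the graph is built or how a minimum vertex cut is extracted from it, so the following is an added illustration, not the paper's own code or its Java implementation. It uses the standard reduction of minimum vertex cut to maximum flow: every statement is split into an in-node and an out-node joined by an edge whose capacity is the cost of mediating at that statement, dataflow edges get infinite capacity, and source and sink statements (where sensitive data enters and leaves) get infinite capacity so the cut can never be placed on them. After Edmonds-Karp, the statements whose split edge crosses from the source-reachable side of the residual graph to the other side are the suggested mediation points. The statement ids, edges, and the per-statement weight used to model a programmer requirement ("do not mediate at s3") are all constructed for this example.

```python
from collections import defaultdict, deque

INF = float("inf")


def min_mediation_cut(stmts, edges, sources, sinks, weights=None):
    """Return (cost, cut): the cheapest set of statements at which inserting a
    mediation statement (declassifier / authorization check) blocks every
    unmediated dataflow from a source statement to a sink statement.

    stmts   : statement ids
    edges   : (u, v) pairs meaning data flows from statement u into statement v
    sources : statements that introduce sensitive data (cannot host mediation)
    sinks   : statements that release data (cannot host mediation)
    weights : optional cost per statement, default 1; raising a statement's cost
              steers the suggestion away from it (a programmer requirement)
    """
    weights = weights or {}
    cap = defaultdict(dict)

    def add_edge(u, v, c):
        cap[u][v] = cap[u].get(v, 0) + c
        cap[v].setdefault(u, 0)  # make sure the residual (reverse) edge exists

    # Vertex splitting: statement s becomes (s,in) -> (s,out) with capacity equal
    # to the cost of mediating at s; infinite for sources and sinks.
    for s in stmts:
        w = INF if s in sources or s in sinks else weights.get(s, 1)
        add_edge((s, "in"), (s, "out"), w)
    for u, v in edges:
        add_edge((u, "out"), (v, "in"), INF)
    for s in sources:
        add_edge("S", (s, "in"), INF)
    for t in sinks:
        add_edge((t, "out"), "T", INF)

    # Edmonds-Karp maximum flow on the split graph.
    flow = defaultdict(lambda: defaultdict(int))
    total = 0
    while True:
        parent = {"S": None}
        queue = deque(["S"])
        while queue and "T" not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if v not in parent and c - flow[u][v] > 0:
                    parent[v] = u
                    queue.append(v)
        if "T" not in parent:
            break
        bottleneck, v = INF, "T"
        while parent[v] is not None:
            u = parent[v]
            bottleneck = min(bottleneck, cap[u][v] - flow[u][v])
            v = u
        if bottleneck == INF:
            # Only sources/sinks on the path: no statement can host the check.
            raise ValueError("a source reaches a sink through statements that cannot host mediation")
        v = "T"
        while parent[v] is not None:
            u = parent[v]
            flow[u][v] += bottleneck
            flow[v][u] -= bottleneck
            v = u
        total += bottleneck

    # Max-flow/min-cut: after the last (failed) search, `parent` holds exactly the
    # nodes reachable from S in the residual graph. A statement is in the cut when
    # its in-node is reachable but its out-node is not.
    reachable = set(parent)
    cut = sorted(s for s in stmts if (s, "in") in reachable and (s, "out") not in reachable)
    return total, cut


def separates(edges, sources, sinks, cut):
    """Sanity check: with the cut statements removed, no source reaches a sink."""
    succ = defaultdict(list)
    for u, v in edges:
        succ[u].append(v)
    seen, stack = set(), [s for s in sources if s not in cut]
    while stack:
        u = stack.pop()
        if u in seen:
            continue
        seen.add(u)
        if u in sinks:
            return False
        stack.extend(v for v in succ[u] if v not in cut)
    return True


# Constructed toy dataflow graph (not from the paper). Two sources feed a shared
# statement s3, and s1 also flows directly into s5, so the type errors interact:
#   s1: secret = read_secret()   s2: key = load_key()    s3: t = combine(secret, key)
#   s4: out1 = f(t)              s5: out2 = g(t, secret)
#   s6: send(out1)               s7: display(out2)
STMTS = ["s1", "s2", "s3", "s4", "s5", "s6", "s7"]
EDGES = [("s1", "s3"), ("s2", "s3"), ("s3", "s4"), ("s3", "s5"),
         ("s4", "s6"), ("s5", "s7"), ("s1", "s5")]
SOURCES = {"s1", "s2"}
SINKS = {"s6", "s7"}

if __name__ == "__main__":
    print(min_mediation_cut(STMTS, EDGES, SOURCES, SINKS))                    # (2, ['s3', 's5'])
    print(min_mediation_cut(STMTS, EDGES, SOURCES, SINKS, weights={"s3": 5}))  # (2, ['s4', 's5'])
```

With unit weights the suggestion is to mediate at s3 and s5: two checks instead of the four a per-sink fix would need. Marking s3 as expensive (the programmer does not want a declassifier inside `combine`) moves the suggestion to s4 and s5 at the same cost, which is the kind of customization the abstract describes. Always run `separates` on a suggestion before accepting it; it is a cheap independent check that the placement really cuts every source-to-sink flow.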