Seminars & Colloquia
Somesh Jha, University of Wisconsin Madison
"Retrofitting Legacy Code for Security"
Monday December 05, 2011 04:00 PM
Location: 3211, EB2 NCSU Centennial Campus
This talk is part of the Triangle Computer Science Distinguished Lecturer Series
Developing programs that securely implement complex functionality when executed on a conventional operating system is a near-impossible task. If an attacker compromises any module of a program that must be trusted, then the attacker typically has the privilege to perform arbitrary operations on the host system. To resolve this issue, the operating-systems community has, in recent years, proposed privilege-aware operating systems that allow programs to explicitly manage the privileges of each module. The developers of such systems have both rewritten complex programs originally written for conventional operating systems and written original programs that apply primitives provided by these operating systems to satisfy strong security properties. However, to date, such operating systems have not been adopted by developers outside the development community of each system. Moreover, even the system's own developers often write programs for their system that they believe to be correct, only to realize later through testing that the rewritten program is insecure or does not demonstrate the desired functionality of the original program.
In this talk we will examine the challenges in rewriting programs for such privilege-aware systems, and present techniques for automatically rewriting programs for such systems. The work addresses the problem of rewriting a program to satisfy a high-level policy on a privilege-aware system, a problem we call the policy-weaving problem. We describe our preliminary work in designing and developing policy weavers, which are algorithms that solve the policy-weaving problem for particular systems. In particular, we present previous work in designing a policy weaver for one privilege-aware system, the Flume decentralized information control operating system. We then present ongoing work in designing a policy-weaver generator, which takes a description of a privilege-aware system and constructs a policy weaver for that system. Finally, we describe future work in generalizing the weaver generator to generate weavers that solve more general, practical classes of policy-weaving problems.
Somesh Jha received his B.Tech in Electrical Engineering from the Indian Institute of Technology, New Delhi. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 100 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF CAREER award in 2005.
Host: Mike Reiter, UNC