Advertisement

Idea: Usable Platforms for Secure Programming – Mining Unix for Insight and Guidelines

  • Sven TürpeEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9639)

Abstract

Just as security mechanisms for end users need to be usable, programming platforms and APIs need to be usable for programmers. To date the security community has assembled large catalogs of dos and don’ts for programmers, but rather little guidance for the design of APIs that make secure programming easy and natural. Unix with its setuid mechanism lets us study usable security issues of programming platforms. Setuid allows certain programs to run with higher privileges than the user or process controlling them. Operating across a privilege boundary entails security obligations for the program. Obligations are known and documented, yet developers often fail to fulfill them. Using concepts and vocabulary from usable security and usability of notations theory, we can explain how the Unix platform provokes vulnerabilities in such programs. This analysis is a first step towards developing platform design guidelines to address human factors issues in secure programming.

Keywords

Secure Programming Child Process Regular Program Programming Platform Usable Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Apple Inc.: Secure Coding Guide, 2014-02-11 edn. (2006–2014). https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/
  2. 2.
    Arnold, K.: Programmers are people, too. ACM Queue 3(5), 54–59 (2005)CrossRefGoogle Scholar
  3. 3.
    Bishop, M.: How to write a setuid program. Login 12(1), 5–11 (1987)Google Scholar
  4. 4.
    Cappos, J., Zhuang, Y., Oliveira, D., Rosenthal, M., Yeh, K.C.: Vulnerabilities as blind spots in developer’s heuristic-based decision-making processes. In: Proceedings of New Security Paradigms Workshop, NSPW 2014, pp. 53–62. ACM, New York, NY, USA (2014)Google Scholar
  5. 5.
    Chen, H., Wagner, D., Dean, D.: Setuid demystified. In: USENIX Security Symposium, pp. 171–190 (2002)Google Scholar
  6. 6.
    Crandall, J.R., Oliveira, D.: Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries. In: Proceedings of New Security Paradigms Workshop, NSPW 2012, pp. 141–152. ACM, New York, NY, USA (2012)Google Scholar
  7. 7.
    Dittmer, M.S., Tripunitara, M.V.: The unix process identity crisis: a standards-driven approach to setuid. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 1391–1402. ACM, New York, NY, USA (2014)Google Scholar
  8. 8.
    Esser, S.: OS X 10.10 \({\rm DYLD}\_{\rm PRINT}\_{\rm TO}\_{\rm FILE}\) local privilege escalation vulnerability. https://www.sektioneins.de/blog/15-07-07-dyld_print_to_file_lpe.html (2015)
  9. 9.
    Free Software Foundation Inc: The GNU C Library Reference Manual, glibc 2.22 edn, August 2015. https://www.gnu.org/software/libc/manual/
  10. 10.
    Garfinkel, S., Spafford, G., Schwartz, A.: Practical UNIX and Internet Security, 3rd edn. O’Reilly Media, Sebastopol (2003)Google Scholar
  11. 11.
    Green, T.R.G., Petre, M.: Usability analysis of visual programming environments: a ‘cognitive dimensions’ framework. J. Vis. Lang. Comput. 7(2), 131–174 (1996)CrossRefGoogle Scholar
  12. 12.
    Oliveira, D., Rosenthal, M., Morin, N., Yeh, K.C., Cappos, J., Zhuang, Y.: It’s the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer’s blind spots. In: Proceedings of 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 296–305. ACM, New York, NY, USA (2014)Google Scholar
  13. 13.
    Stevens, W.R.: Advanced Programming in the UNIX Environment. Addison-Wesley Publishing Company, Reading (1992)zbMATHGoogle Scholar
  14. 14.
    Tsafrir, D., Da Silva, D., Wagner, D.: The murky issue of changing process identity: revising “setuid demystified”. Login 33(3), 55–66 (2008)Google Scholar
  15. 15.
    Türpe, S.: Point-and-shoot security design: can we build better tools for developers? In: Proceedings of New Security Paradigms Workshop, NSPW 2012, pp. 27–42. ACM, New York, NY, USA (2012)Google Scholar
  16. 16.
    Wurster, G., van Oorschot, P.C.: The developer is the enemy. In: Proceedings of New Security Paradigms Workshop, NSPW 2008, pp. 89–97. ACM, New York, NY, USA (2008)Google Scholar
  17. 17.
    Yee, K.-P.: User interaction design for secure systems. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278–290. Springer, Heidelberg (2002). doi: 10.1007/3-540-36159-6_24CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Fraunhofer Institute for Secure Information Technology SITDarmstadtGermany

Personalised recommendations