Abstract. Many security-sensitive programs manage resources on behalf of mutually distrusting clients. To control access to resources, authorization hooks are placed before operations on those resources. Manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of locations to place authorization hooks that mediates all security-sensitive operations in order to enforce expected access control policies at deployment. However, one challenge is that programmers often want to minimize the effort of writing such policies. As a result, they may remove authorization hooks that they believe are unnecessary, but they may remove too many hooks, preventing the enforcement of some desirable access control policies.

In this paper, we propose algorithms that automatically compute a minimal authorization hook placement that satisfies constraints that describe desirable access control policies. These authorization constraints reduce the space of enforceable access control policies; i.e., those policies that can be enforced given a hook placement that satisfies the constraints. We have built a tool that implements this authorization hook placement method, demonstrating how programmers can produce authorization hooks for real-world programs and leverage policy goal-specific constraint selectors to automatically identify many authorization constraints. Our experiments show that our technique reduces manual programmer effort by as much as 58% and produces placements that reduce the amount of policy specification by as much as 30%.