Abstract

In this thesis, we report our research on systematic security hardening. We see how the software development industry is currently relying on highly-qualified security experts in order to manually improve existing software, which is a costly and error-prone approach. In response to this situation, we propose an approach that enables systematic security hardening by non-experts. We first study the existing methods used to remedy software vulnerabilities and use this information to determine a classification and definition for security hardening. We then see how the state of the art in secure coding, patterns and aspect-oriented programming (AOP) can be leveraged to enable systematic software security improvements, independently from the users' security expertise. We also present improvements on AOP that are necessary in order for this approach to be realizable. The first improvement, GAFlow and GDFlow, two new pointcut constructors, allow the injection of code that precedes or follows any of the points in the input set, facilitating the development of reusable patterns. The second, ExportParameter and ImportParameter, allow us to safely pass parameters between different parts of the program. Afterwards, we leverage our previous findings in the definition of SHL, the Security Hardening Language. SHL is designed in order to permit language-independent expression of security hardening plans and security hardening patterns in an aspect-oriented manner which enables refinement of patterns into concrete solutions. We then demonstrate the viability of this approach by applying it to add a security feature to the APT package acquisition and management system.