

Security-oriented Program Transformations


A program transformation is a function that maps programs to programs. A security-oriented program transformation is a function that maps programs to security-augmented programs, i.e. it introduces a security solution to make a program more secure.

(Figure: Sketch of a Program Transformation)

There are many kinds of program transformations. Compilers translate programs in source form into an equivalent program for a particular machine language. Refactorings are source-to-source transformations that are intended to change the structure of programs but not their behavior. Our security-oriented program transformations include both source-to-source and binary-to-binary transformations. They improve the security of systems, which means that they do not preserve all types of behavior. They preserve the expected behavior, but change a system's response to security attacks.

A software system is often thought of as a collection of components. In that case, "adding on" security to a software system means adding a new component. However, a software system can also be thought of as a sequence of program transformations. For example, consider a sequence of versions in a version control system. The difference between any two adjacent versions is a program transformation. Some version control systems, such as cvs, store the differences between versions instead of storing the versions directly. These systems produce a version by applying a series of program transformations. Our focus is not on these very specific program transformations.

We are interested in automated, general purpose program transformations that remove security threats from programs. Our program transformations are "general purpose", but no transformation will work with every program. They usually expect a certain programming language or a certain platform, because the exact details are language-specific. By general purpose transformations, we mean that a transformation for a certain programming language should be applicable to all programs written in that language. 

Our security-oriented program transformations are "schematic" in the sense that they are structural changes that do not depend on a detailed understanding of the application logic. This property makes them similar to refactoring, altering the internal structure of code without changing its external behavior. However, security-oriented program transformations are not behavior-preserving the way refactorings are. The concept of behavior preservation in the face of security vulnerabilities is a little different. It should mean that a program preserves the correct behavior and fixes the incorrect behavior that is caused by a security vulnerability. Our program transformations are behavior-preserving when the system is used correctly; they preserve the good path behavior. Only attackers see change in the behavior, because security-oriented program transformations eliminate the source of vulnerabilities the attackers want to exploit.


List of Security-oriented Program Transformations

We have compiled a list of forty-four candidate security solutions that can be described as security-oriented program transformations. The list is available as a PDF document.


An Example Security-oriented Program Transformation

Safe Library Replacement Transformation

You have a program that uses a function that might cause data injection attacks if it receives an insufficiently validated input. You want to ensure that the program is not vulnerable to injection attacks.

Replace unsafe functions with safe functions that are not vulnerable even if malicious data is injected.

(Figure: Sketch of a Safe Library Replacement Transformation)


For each unsafe function, a developer specifies the alternative safe function and the library that includes the function.

The program transformation finds all functions that need to be replaced. It replaces unsafe functions with suitable alternatives in all source files.
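The following is an added worked example of the Safe Library Replacement transformation described above; it is not the author's tool and not code from this page. The developer-supplied table maps each unsafe C function to a replacement and the header that declares it; the unsafe names are real C library functions, but the `safe_*` replacements and the `safestr.h` header are assumptions chosen for illustration. The transformation walks every source file, rewrites only genuine call sites (an identifier immediately followed by `(`), leaves comments and string literals untouched, and adds the missing `#include` for each library it introduced.

```python
import re
from pathlib import Path
from typing import Dict, Tuple

# Developer-supplied table, as the page describes: unsafe function ->
# (safe replacement, header declaring it). The safe_* names and
# "safestr.h" are assumptions for this example, not a real library.
DEFAULT_REPLACEMENTS: Dict[str, Tuple[str, str]] = {
    "strcpy": ("safe_strcpy", "safestr.h"),
    "strcat": ("safe_strcat", "safestr.h"),
    "sprintf": ("safe_sprintf", "safestr.h"),
}

# Regions that must be copied verbatim: string literals, char literals, comments.
_SKIP = re.compile(
    r'"(?:\\.|[^"\\])*"'   # double-quoted string literal
    r"|'(?:\\.|[^'\\])*'"  # char literal
    r"|/\*.*?\*/"          # block comment
    r"|//[^\n]*",          # line comment
    re.DOTALL,
)


def _call_pattern(names) -> re.Pattern:
    # Only identifiers followed by '(' are call sites; the \b anchors stop
    # 'strcpy' from matching inside 'my_strcpy' or 'strcpy_s'.
    alt = "|".join(re.escape(n) for n in sorted(names, key=len, reverse=True))
    return re.compile(rf"\b({alt})\b(?=\s*\()")


def _rewrite(code: str, pattern: re.Pattern, replacements, counts: Dict[str, int]) -> str:
    def sub(m: re.Match) -> str:
        old = m.group(1)
        counts[old] = counts.get(old, 0) + 1
        return replacements[old][0]
    return pattern.sub(sub, code)


def _add_includes(src: str, headers) -> str:
    # Declare each newly used library once; skip headers already included.
    existing = set(re.findall(r'^[ \t]*#[ \t]*include[ \t]*[<"]([^>"]+)[>"]', src, re.M))
    new_lines = [f'#include "{h}"' for h in sorted(headers) if h not in existing]
    if not new_lines:
        return src
    # Insert after the last existing #include, or at the top of the file.
    includes = list(re.finditer(r'^[ \t]*#[ \t]*include[^\n]*\n', src, re.M))
    at = includes[-1].end() if includes else 0
    return src[:at] + "\n".join(new_lines) + "\n" + src[at:]


def transform_source(src: str, replacements=DEFAULT_REPLACEMENTS):
    """Rewrite one translation unit. Returns (new_source, {unsafe_name: count})."""
    pattern = _call_pattern(replacements)
    counts: Dict[str, int] = {}
    out, pos = [], 0
    # Alternate between rewritable code and skipped regions (kept verbatim).
    for m in _SKIP.finditer(src):
        out.append(_rewrite(src[pos:m.start()], pattern, replacements, counts))
        out.append(m.group(0))
        pos = m.end()
    out.append(_rewrite(src[pos:], pattern, replacements, counts))
    needed = {replacements[old][1] for old in counts}
    return _add_includes("".join(out), needed), counts


def transform_tree(root: Path, replacements=DEFAULT_REPLACEMENTS, suffixes=(".c", ".h")):
    """Apply the transformation to all source files under root; returns per-file counts."""
    report = {}
    for path in sorted(root.rglob("*")):
        if path.suffix in suffixes:
            new_src, counts = transform_source(path.read_text(), replacements)
            if counts:
                path.write_text(new_src)
                report[str(path)] = counts
    return report


# Constructed sample translation unit exercising the cases the tool must get right.
SAMPLE = '''#include <stdio.h>
#include <string.h>

/* strcpy in this comment must not change */
int copy(char *dst, const char *src) {
    printf("strcpy(%s)\\n", src);   // literal text, also untouched
    my_strcpy(dst, src);            // different identifier, untouched
    strcpy(dst, src);               // unsafe call, rewritten
    return strcat (dst, "!") != NULL;
}
'''

if __name__ == "__main__":
    rewritten, hits = transform_source(SAMPLE)
    print(rewritten)
    print("replaced:", hits)
```

Running the module on the constructed sample rewrites the two real call sites, reports `{"strcpy": 1, "strcat": 1}`, and inserts `#include "safestr.h"` after the last existing include; a second pass over the output changes nothing, which is the property that lets the transformation be re-run safely across a whole tree.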


PhD Thesis

Security On Demand
Department of Computer Science, University of Illinois
Urbana, Illinois, Dec 2010


Tool Demo

Preventing Integer Overflow Attacks with 'Add Integer Cast' Program Transformation
(avi) (Extended Abstract)
Munawar Hafiz
Feb, 2011


Security-oriented Program Transformations to Cure Integer Overflow Vulnerabilities
Zack Coker
ACM Student Research Competition
In Companion of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012
Oct 2012

Patterns Transform Architectures
Munawar Hafiz, Paul Adamczyk and Ralph Johnson
In Proceedings of the 9th Working IEEE/IFIP Conference on Software Architecture, WICSA 2011
Boulder, CO, Jun 2011

Improving Perimeter Security with Security-oriented Program Transformations
Munawar Hafiz and Ralph Johnson
In Proceedings of the 5th International Workshop on Software Engineering for Secure Systems, SESS 2009
Vancouver, Canada, May 2009

Systematically Eradicating Data Injection Attacks using Security-oriented Program Transformations
Munawar Hafiz, Paul Adamczyk and Ralph Johnson
In Proceedings of the Symposium on Engineering Secure Software and Systems, ESSoS 2009
Leuven, Belgium, Feb 2009

Security-oriented program transformations (Or how to add security on demand)
Munawar Hafiz
In Companion of the 23rd Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2008
San Diego, California, Oct 2008

A security oriented program transformation to "add on" policies to prevent injection attacks.
Munawar Hafiz and Ralph Johnson
2nd Workshop on Refactoring Tools, Co-located with OOPSLA 2008
Nashville, Tennessee, Oct 2008




Last modified: Aug 24, 2012

Conceived and Maintained by: Munawar Hafiz