Method for static security enforcement of a DSL

US 10,379,824 B2
Filed: 02/26/2016
Issued: 08/13/2019
Est. Priority Date: 02/26/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securing computer code, the method comprising:

receiving the computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;

using a compiler to perform static analysis on the computer code, the static analysis including referencing a security policy defining one or more unacceptable program behaviors;

performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;

indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL;

accessing a predefined compile context for the DSL, wherein the compile context accessible by the compiler and used by the compiler to access metadata included in the security policy and applicable to the DSL, wherein the compiler is adapted to visit all expression nodes in a syntax tree associated with the computer code written using the DSL;

using the compile context, on visit of an expression node of the syntax tree, to determine if the expression node is secure; and

if access to a computing object associated with the expression node is not secure, then;

terminating compilation of the computer code written using the DSL and displaying a compiler error message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example system and method for securing computer code of a dynamic Domain Specific Language (DSL) that leverages a General Purpose Language (GPL). An example method includes enhancing compile-time security enforcement functionality for computer code written using the DSL, in part by using a compiler to perform static analysis on the DSL computer code. The static analysis includes referencing a security policy defining one or more unacceptable program behaviors; and indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis.

Citations

19 Claims

1. A method for securing computer code, the method comprising:
- receiving the computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;
  
  using a compiler to perform static analysis on the computer code, the static analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL;
  
  accessing a predefined compile context for the DSL, wherein the compile context accessible by the compiler and used by the compiler to access metadata included in the security policy and applicable to the DSL, wherein the compiler is adapted to visit all expression nodes in a syntax tree associated with the computer code written using the DSL;
  
  using the compile context, on visit of an expression node of the syntax tree, to determine if the expression node is secure; and
  
  if access to a computing object associated with the expression node is not secure, then;
  
  terminating compilation of the computer code written using the DSL and displaying a compiler error message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the computing environment includes a virtual machine, and wherein the virtual machine includes a cloud-based virtual machine that hosts a runtime environment that includes the compiler and supports computer code implemented via the GPL and the DSL.
  - 3. The method of claim 2, wherein the runtime environment further hosts one or more software development tools shared by plural tenants and configured to facilitate coding of the computer code written using the dynamic DSL.
  - 4. The method of claim 3, wherein the one or more software development tools includes a data composer software application, wherein the computer code written using the DSL includes the data composer software application.
  - 5. The method of claim 4, further including employing Groovy compile-time metaprogramming functionality to implement a code editor.
  - 6. The method of claim 2, wherein the security policy is customizable by a developer of the DSL, and wherein customizability of the security policy is facilitated via a Groovy secure Abstract Syntax Tree (AST) customizer.
  - 7. The method of claim 2, wherein the one or more unacceptable program behaviors include one or more dynamic program behaviors, and wherein the DSL is a dynamic programming language that is dynamically typed.
  - 8. The method of claim 7, wherein the one or more dynamic program behaviors includes the modifying of the preexisting computer code, and wherein the modifying of the preexisting computer code includes adjustment of the preexisting computer code to incorporate the computer code written using the DSL, and wherein the computer code written using the DSL includes one or more validation rules.
  - 9. The method of claim 2, wherein using further includes employing a compile context of the compiler to facilitate access by the compiler to the security policy during semantic analysis performed by the compiler.
  - 10. The method of claim 9, wherein the semantic analysis further includes generating an (AST) and checking one or more nodes of the Abstract Syntax Tree (AST), and wherein the one or more nodes of the AST include all expression nodes of the AST.
  - 11. The method of claim 1, wherein using further includes performing a security check associated with one or more dynamic program behaviors using static compile-time checking and compile context, wherein the compile context facilitates compiler access to type information pertaining to the computer code written using the dynamic DSL, wherein the type information includes complex type information.
  - 12. The method of claim 11, further including employing the static analysis and compile context to prevent an exit method from being invoked on an object identified via the computer code written using the DSL, and further including passing security policy metadata to the compiler via the compiler context.
  - 13. The method of claim 12, wherein the security policy metadata includes information characterizing one or more compiler extensions, type information associated with a computing object referenced by the computer code written using the DSL, and environment-specific context information.
  - 14. The method of claim 1, wherein the security policy includes a customizable programming language class.
  - 15. The method of claim 14, wherein the customizable programming language class includes a customizable Java class, and further including adapting a preexisting security policy of the compiler to facilitate performing one or more security checks specified by the customizable programming language class, the customizable programming class implemented via the DSL.
  - 16. The method of claim 1, wherein the computer code written using a DSL is received via a cloud-based code editor for editing code written in the DSL;
    - wherein the computer code written using the DSL is running in the GPL computing environment; and
      
      wherein the DSL is sandboxed using compile context to facilitate ensuring that the computer code written using the DSL adheres to one or more security rules restricting runtime behavior of the computer code written using the DSL before the computer code is run.
  - 17. The method of claim 16, wherein the computer code written using the DSL runs within a JVM that also runs a software development platform written in the DSL and adapted to enable a user to enter the computer code written using the DSL.

18. An apparatus comprising:
- a processor-readable storage device including one or more instructions;
  
  a digital processor coupled to a display and to the processor-readable storage device, wherein the digital processor executes the one or more instructions to perform the following acts;
  
  receiving computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Programming Language (GPL) computing environment;
  
  using a compiler to perform static analysis on the computer code, the static analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL;
  
  accessing a predefined compile context for the DSL, wherein the compile context accessible by the compiler and used by the compiler to access metadata included in the security policy and applicable to the DSL, wherein the compiler is adapted to visit all expression nodes in a syntax tree associated with the computer code written using the DSL;
  
  using the compile context, on visit of an expression node of the syntax tree, to determine if the expression node is secure; and
  
  if access to a computing object associated with the expression node is not secure, then;
  
  terminating compilation of the computer code written using the DSL and displaying a compiler error message.

19. A processor-readable storage device including instructions when executed by a digital processor, the processor-readable storage device including one or more instructions for:
- receiving computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Programming Language (GPL) computing environment;
  
  using a compiler to perform static analysis on the computer code, the static analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL;
  
  accessing a predefined compile context for the DSL, wherein the compile context accessible by the compiler and used by the compiler to access metadata included in the security policy and applicable to the DSL, wherein the compiler is adapted to visit all expression nodes in a syntax tree associated with the computer code written using the DSL;
  
  using the compile context, on visit of an expression node of the syntax tree, to determine if the expression node is secure; and
  
  if access to a computing object associated with the expression node is not secure, then;
  
  terminating compilation of the computer code written using the DSL and displaying a compiler error message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Smiljanic, John, Vinayaka, Shailesh
Primary Examiner(s)
Dolly, Kendall
Assistant Examiner(s)
Fields, Courtney D

Application Number

US15/055,136
Publication Number

US 20170249130A1
Time in Patent Office

1,264 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06F 2221/033   Test or assess software

G06F 8/41   Compilation

G06F 8/427   Parsing

G06F 8/43   Checking; Contextual analysis

G06F 8/75   Structural analysis for pro...

Method for static security enforcement of a DSL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method for static security enforcement of a DSL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links