Increasing Application Security through Interpretation
Abstract
In this project, we examine the potential for reducing vulnerabilities in legacy code through programming language translation. Our compiler translates source code written in C, a low-level language notorious for security issues, into secure, interpreted Python code. The resulting code is functionally identical to the original and is produced by mapping C abstract syntax trees onto Python abstract syntax trees. We analyze the effectiveness of this vulnerability reduction by testing the resulting code against known C vulnerabilities provided by the NIST Juliet Test Suite. Using Juliet, we show that the resulting Python code is less vulnerable to C memory errors such as buffer overflows and null pointer dereferences. Our C to Python transpiler explores the possibility that interpreted languages offer increased security implicitly. Throughout the course of this project, we did not build any security measures into the transpiler, and yet the results show that translating programs into Python increases their security. This, coupled with the additional oversight an interpreter has over the execution of a program, builds a strong case for security through interpretation. To fully realize this security principle, more work must be done on the topic, but the transpiler we have created demonstrates that the concept has merit.
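The abstract's central claim is that a C memory error, once the program is expressed as Python, turns into a raised exception instead of silent corruption. The following added example (not the report's transpiler, and not code from the Naval Academy project) illustrates the mechanism on the two error classes the abstract names: it builds Python abstract syntax trees equivalent to a C out-of-bounds array store and a C null pointer store, compiles and executes them, and reports how the interpreter reacts. The function names, the choice to model a C array as a fixed-length list and a null pointer as `None`, and the sample sizes and indices are assumptions made for this illustration.

```python
import ast

# Constructed illustration: hand-built Python ASTs standing in for what a
# C-to-Python transpiler would emit for two Juliet-style memory errors.

def c_array_store_ast(size: int, index: int) -> ast.Module:
    """Python AST for the C fragment:  char buf[size]; buf[index] = 'A';
    The C array becomes a fixed-length list; the subscript store maps to a
    Python subscript assignment (assumed translation, not the report's)."""
    decl = ast.Assign(
        targets=[ast.Name(id="buf", ctx=ast.Store())],
        value=ast.BinOp(
            left=ast.List(elts=[ast.Constant(value=0)], ctx=ast.Load()),
            op=ast.Mult(),
            right=ast.Constant(value=size),
        ),
    )
    store = ast.Assign(
        targets=[ast.Subscript(
            value=ast.Name(id="buf", ctx=ast.Load()),
            slice=ast.Constant(value=index),
            ctx=ast.Store(),
        )],
        value=ast.Constant(value=ord("A")),
    )
    module = ast.Module(body=[decl, store], type_ignores=[])
    return ast.fix_missing_locations(module)


def c_null_store_ast() -> ast.Module:
    """Python AST for the C fragment:  int *p = NULL; *p = 1;
    NULL is modelled as None and the dereferencing store as p[0] = 1
    (assumed translation)."""
    decl = ast.Assign(
        targets=[ast.Name(id="p", ctx=ast.Store())],
        value=ast.Constant(value=None),
    )
    store = ast.Assign(
        targets=[ast.Subscript(
            value=ast.Name(id="p", ctx=ast.Load()),
            slice=ast.Constant(value=0),
            ctx=ast.Store(),
        )],
        value=ast.Constant(value=1),
    )
    module = ast.Module(body=[decl, store], type_ignores=[])
    return ast.fix_missing_locations(module)


def run_translated(module: ast.Module):
    """Compile and execute a generated module under the interpreter.
    Returns ("ok", namespace) or (exception class name, message); the
    interpreter's bounds and type checks are what stop the memory error."""
    namespace = {}
    try:
        exec(compile(module, "<translated>", "exec"), namespace)
    except (IndexError, TypeError) as exc:
        return (type(exc).__name__, str(exc))
    return ("ok", namespace)


def array_store_outcome(size: int, index: int) -> str:
    """Outcome label for the translated C array store."""
    return run_translated(c_array_store_ast(size, index))[0]


def null_store_outcome() -> str:
    """Outcome label for the translated C null pointer store."""
    return run_translated(c_null_store_ast())[0]


if __name__ == "__main__":
    print(ast.unparse(c_array_store_ast(10, 10)))   # the generated Python source
    print("in-bounds store:", array_store_outcome(10, 3))
    print("one-past-end store:", array_store_outcome(10, 10))
    print("negative index store:", array_store_outcome(10, -1))
    print("null pointer store:", null_store_outcome())
```

Running it shows the in-bounds store succeeding, the one-past-the-end store (undefined behaviour in C, the classic stack buffer overflow shape) stopping with IndexError, and the null pointer store stopping with TypeError. The negative-index case is the caveat a reviewer of such a transpiler should note: `buf[-1]` is out of bounds in C but is a valid wrap-around index in Python, so a naive subscript translation silently succeeds there, and a faithful transpiler would need to emit an explicit bounds check for negative indices.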
Document Details
- Document Type: Technical Report
- Publication Date: May 16, 2023
- Accession Number: AD1207066
Entities
- People: Jack C. Metcalf
- Organizations: United States Naval Academy