Extrapol: Dependent Types and Effects for System Security
Abstract
In the realm of security, one of the largest challenges is to determine what effects the execution of a program may have on the target system. While numerous tools permit extraction of these effects either during the execution of a program (dynamic analysis) or after its execution (trace analysis), the extraction of effects before execution (static analysis of effects) from system-level software is largely ignored. In this document, we introduce a technique for this purpose. By extending the theory of types and effects, we demonstrate how to statically determine, from C source code, the set of system calls performed by a program or a library function, as well as their respective target resources. Two implementations are proposed, one in Java and the other in OCaml. While this is ongoing work, preliminary results are promising.