SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Java Virtual Machine Specification
Java Virtual Machine Specification
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Java JR: fully abstract trace semantics for a core java language
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
Security Monitor Inlining for Multithreaded Java
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Hi-index | 0.00 |
Runtime security policy enforcement systems are crucial to limit the risks associated with running untrustworthy (malicious or buggy) code. The inlined reference monitor approach to policy enforcement, pioneered by Erlingsson and Schneider, implements runtime enforcement through program rewriting: security checks are inserted inside untrusted programs.Ensuring complete mediation --- the guarantee that every security-relevant event is actually intercepted by the monitor --- is non-trivial when the program rewriter operates on an object-oriented intermediate language with state-of-the-art features such as virtual methods and delegates.This paper proposes a caller-side rewriting algorithm for MSIL --- the bytecode of the .NET virtual machine --- where security checks are inserted around calls to security-relevant methods. We prove that this algorithm achieves sound and complete mediation and transparency for a simplified model of MSIL, and we report on our experiences with the implementation of the algorithm for full MSIL.