Run-Time Enforcement of Nonsafety Policies

Authors:
Jay Ligatti;Lujo Bauer;David Walker
Affiliations:
University of South Florida;Carnegie Mellon University;Princeton University
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2009

Citing 32
Cited 26

Software transactional memory

Proceedings of the fourteenth annual ACM symposium on Principles of distributed computing
A General Theory of Composition for a Class of "Possibilistic" Properties

IEEE Transactions on Software Engineering
A lightweight architecture for program execution monitoring

Proceedings of the 1998 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
A type system for expressive security policies

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Monitoring Software Requirements Using Instrumented Code

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9 - Volume 9
On the Composition of Secure Systems

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Policy-directed code safety

Policy-directed code safety
Foundations for the run-time analysis of software systems

Foundations for the run-time analysis of software systems
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Efficient Decentralized Monitoring of Safety in Distributed Systems

Proceedings of the 26th International Conference on Software Engineering
Efficient monitoring of safety properties

International Journal on Software Tools for Technology Transfer (STTT) - Special section on tools and algorithms for the construction and analysis of systems
Composing security policies with polymer

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Composable memory transactions

Proceedings of the tenth ACM SIGPLAN symposium on Principles and practice of parallel programming
Computability classes for enforcement mechanisms

ACM Transactions on Programming Languages and Systems (TOPLAS)
Certified In-lined Reference Monitoring on .NET

Proceedings of the 2006 workshop on Programming languages and analysis for security
JavaScript instrumentation for browser security

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Policy enforcement via program monitoring

Policy enforcement via program monitoring
An Approach for the Specification, Verification and Synthesis of Secure Systems

Electronic Notes in Theoretical Computer Science (ENTCS)
Security policy enforcement by automated program-rewriting

Security policy enforcement by automated program-rewriting
Through Modeling to Synthesis of Security Automata

Electronic Notes in Theoretical Computer Science (ENTCS)
Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting

Electronic Notes in Theoretical Computer Science (ENTCS)
Provably Correct Runtime Monitoring

FM '08 Proceedings of the 15th international symposium on Formal Methods
Types and effects for non-interfering program monitors

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
A tool for the synthesis of controller programs

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Enhancing Java security with history based access control

Foundations of security analysis and design IV
Enforcing non-safety security policies with program monitors

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Enforcement monitoring wrt. the safety-progress classification of properties: NOTE: ACM has found that the authors of this paper failed to cite a work they previously published with much identical content entitled Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties. Published in December 2008 in the Springer LNCS series for the ICISS 2008 conference DOI= http://dx.doi.org/10.1007/978-3-540-89862-7_3

Proceedings of the 2009 ACM symposium on Applied Computing
On the expressiveness and complexity of randomization in finite state monitors

Journal of the ACM (JACM)
Towards Practical Enforcement Theories

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Infringo ergo sum: when will software engineering support infringements?

Proceedings of the FSE/SDP workshop on Future of software engineering research
Using equivalence relations for corrective enforcement of security policies

MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
A theory of runtime enforcement, with results

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
You should better enforce than verify

RV'10 Proceedings of the First international conference on Runtime verification
Security rules versus security properties

ICISS'10 Proceedings of the 6th international conference on Information systems security
Predictability of enforcement

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Runtime enforcement monitors: composition, synthesis, and enforcement abilities

Formal Methods in System Design
Relationship-based access control policies and their policy languages

Proceedings of the 16th ACM symposium on Access control models and technologies
A location-based policy-specification language for mobile devices

Pervasive and Mobile Computing
Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors

ACM Transactions on Information and System Security (TISSEC)
Aspect-Oriented runtime monitor certification

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Enforceable security policies revisited

POST'12 Proceedings of the First international conference on Principles of Security and Trust
Optimized inlining of runtime monitors

NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Asynchronous distributed monitoring for multiparty session enforcement

TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
A quantitative approach for inexact enforcement of security policies

ISC'12 Proceedings of the 15th international conference on Information Security
Behavioral specification based runtime monitors for OSGi services

ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Securing untrusted code via compiler-agnostic binary rewriting

Proceedings of the 28th Annual Computer Security Applications Conference
Least-restrictive enforcement of the Chinese wall security policy

Proceedings of the 18th ACM symposium on Access control models and technologies
Enforceable Security Policies Revisited

ACM Transactions on Information and System Security (TISSEC)
Relational abstraction in community-based secure collaboration

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Implementing real-time transactional security property using timed edit automata

Proceedings of the 6th International Conference on Security of Information and Networks
Reliable accounting in grids

International Journal of High Performance Computing and Networking
Iterative enforcement by suppression: Towards practical enforcement theories

Journal of Computer Security - ARSPA-WITS'10

Quantified Score

Hi-index	0.00

Visualization

Abstract

A common mechanism for ensuring that software behaves securely is to monitor programs at run time and check that they dynamically adhere to constraints specified by a security policy. Whenever a program monitor detects that untrusted software is attempting to execute a dangerous action, it takes remedial steps to ensure that only safe code actually gets executed. This article improves our understanding of the space of policies enforceable by monitoring the run-time behaviors of programs. We begin by building a formal framework for analyzing policy enforcement: we precisely define policies, monitors, and enforcement. This framework allows us to prove that monitors enforce an interesting set of policies that we call the infinite renewal properties. We show how to construct a program monitor that provably enforces any reasonable infinite renewal property. We also show that the set of infinite renewal properties includes some nonsafety policies, that is, that monitors can enforce some nonsafety (including some purely liveness) policies. Finally, we demonstrate concrete examples of nonsafety policies enforceable by practical run-time monitors.