Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The design and implementation of a certifying compiler
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
A type system for expressive security policies
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Certified In-lined Reference Monitoring on .NET
Proceedings of the 2006 workshop on Programming languages and analysis for security
Monitoring External Resources in Java MIDP
Electronic Notes in Theoretical Computer Science (ENTCS)
ConSpec -- A Formal Language for Policy Specification
Electronic Notes in Theoretical Computer Science (ENTCS)
Enforcing resource bounds via static verification of dynamic checks
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Session types for object-oriented languages
ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming
Security-by-contract on the .NET platform
Information Security Tech. Report
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
Electronic Notes in Theoretical Computer Science (ENTCS)
Editorial: Recent developments in high performance computing and security: An editorial
Future Generation Computer Systems
Hi-index | 0.00 |
In the domain of security policy enforcement, the concerns of application developers are almost completely ignored. As a consequence, it is hard to develop useful and reliable applications that will function properly under a variety of policies. This paper addresses this issue for application security policies specified as security automata, and enforced through run-time monitoring. Our solution consists of three elements: the definition of an abstract interface to the policy that is being enforced, a sound construct to query that policy, and a static verification algorithm that guarantees absence of security policy violations in critical blocks of code.