Security enforcement aware software development

Authors:
Dries Vanoverberghe;Frank Piessens
Affiliations:
Distrinet, Department of Computer Science, Katholieke Universiteit Leuven, Celestijnenlaan 200A, 3001 Leuven, Belgium;Distrinet, Department of Computer Science, Katholieke Universiteit Leuven, Celestijnenlaan 200A, 3001 Leuven, Belgium
Venue:
Information and Software Technology
Year:
2009

Citing 15
Cited 4

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The design and implementation of a certifying compiler

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
A type system for expressive security policies

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Access rights analysis for Java

OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Certified In-lined Reference Monitoring on .NET

Proceedings of the 2006 workshop on Programming languages and analysis for security
Monitoring External Resources in Java MIDP

Electronic Notes in Theoretical Computer Science (ENTCS)
ConSpec -- A Formal Language for Policy Specification

Electronic Notes in Theoretical Computer Science (ENTCS)
Enforcing resource bounds via static verification of dynamic checks

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Session types for object-oriented languages

ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming

Security-by-contract on the .NET platform

Information Security Tech. Report
Security-By-Contract for the Future Internet

Future Internet --- FIS 2008
The S3MS.NET Run Time Monitor

Electronic Notes in Theoretical Computer Science (ENTCS)
Editorial: Recent developments in high performance computing and security: An editorial

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the domain of security policy enforcement, the concerns of application developers are almost completely ignored. As a consequence, it is hard to develop useful and reliable applications that will function properly under a variety of policies. This paper addresses this issue for application security policies specified as security automata, and enforced through run-time monitoring. Our solution consists of three elements: the definition of an abstract interface to the policy that is being enforced, a sound construct to query that policy, and a static verification algorithm that guarantees absence of security policy violations in critical blocks of code.