In this paper, we present a formal technique for enforcing security policies on programs. Our technique takes an untrusted program and a security policy as input and produces a new program that is safe with respect to the considered policy. The proposed technique is based on the use of automata and on a special composition operator over automata called injection. Injection consists in embedding the automaton representing the safety property into the automaton representing the untrusted program, yielding a new automaton. This new automaton can then be converted directly into a safe program that always satisfies the safety property. Consequently, our enforcement method is based on rewriting, since it takes an untrusted program and transforms it into another, equivalent program that satisfies the safety property. Finally, we prove that our technique is both sound and complete, i.e., every possible execution of the newly generated program is a possible execution of the original one, and every possible execution of the original program that respects the security policy is a possible execution of the newly generated one.
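The following is an added illustration of the idea described in the abstract; it is not code from the paper and it makes one modelling assumption: injection is realised as a synchronous product of the program automaton with the policy automaton, so that an action is kept only where both automata can take it. The program, the policy ("no send after a read", a standard safety property written in the style of a security automaton) and the state names `p0`..`p2`, `q0`, `q1` are all constructed for the example. The two checks at the end correspond to the soundness and completeness claims: every run of the rewritten program is a run of the original, and every policy-respecting run of the original survives in the rewritten program.

```python
from collections import namedtuple
from itertools import product as cartesian

# An automaton is a set of states, an initial state and a set of (src, action, dst) edges.
Automaton = namedtuple("Automaton", "states initial transitions")

# Constructed untrusted program: it may read, send, and in particular send right after a read.
PROGRAM = Automaton(
    states={"p0", "p1", "p2"},
    initial="p0",
    transitions={
        ("p0", "read", "p1"),
        ("p0", "send", "p2"),
        ("p1", "send", "p0"),  # send after read: the behaviour the policy must cut
        ("p1", "read", "p1"),
        ("p2", "read", "p1"),
        ("p2", "send", "p2"),
    },
)

# Constructed security automaton for "no send after a read": q1 has no outgoing 'send'
# edge, so any trace that sends after reading has no run and is rejected.
POLICY = Automaton(
    states={"q0", "q1"},
    initial="q0",
    transitions={
        ("q0", "send", "q0"),
        ("q0", "read", "q1"),
        ("q1", "read", "q1"),
    },
)


def inject(program, policy):
    """Embed the policy automaton into the program automaton (assumed here to be a
    synchronous product): a product edge exists only where both automata move on
    the same action. Unreachable product states are pruned."""
    edges = {
        ((p, q), a, (p2, q2))
        for (p, a, p2) in program.transitions
        for (q, b, q2) in policy.transitions
        if a == b
    }
    initial = (program.initial, policy.initial)
    reachable, frontier = {initial}, [initial]
    while frontier:
        s = frontier.pop()
        for src, _, dst in edges:
            if src == s and dst not in reachable:
                reachable.add(dst)
                frontier.append(dst)
    edges = {e for e in edges if e[0] in reachable}
    return Automaton(reachable, initial, edges)


def traces(aut, max_len):
    """All action sequences of length <= max_len executable from the initial state."""
    result, frontier = {()}, {((), aut.initial)}
    for _ in range(max_len):
        nxt = {(t + (a,), dst) for t, s in frontier
               for src, a, dst in aut.transitions if src == s}
        result |= {t for t, _ in nxt}
        frontier = nxt
    return result


def satisfies(policy, trace):
    """A trace respects the safety policy iff the policy automaton can follow every step."""
    current = {policy.initial}
    for a in trace:
        current = {dst for src, b, dst in policy.transitions if src in current and b == a}
        if not current:
            return False
    return True


def check_sound_and_complete(program, policy, max_len=6):
    """Soundness: runs of the rewritten program are runs of the original.
    Completeness: policy-respecting runs of the original are runs of the rewritten program."""
    safe = traces(inject(program, policy), max_len)
    original = traces(program, max_len)
    sound = safe <= original and all(satisfies(policy, t) for t in safe)
    complete = {t for t in original if satisfies(policy, t)} <= safe
    return sound, complete


if __name__ == "__main__":
    rewritten = inject(PROGRAM, POLICY)
    print("states of rewritten program:", sorted(rewritten.states))
    print("sound, complete =", check_sound_and_complete(PROGRAM, POLICY))
```

Bounding the trace length keeps the check finite; the inclusions hold for every bound because the product only ever removes edges the policy would reject, and a deterministic policy automaton has a run for every trace it accepts.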