The S3MS.NET Run Time Monitor

Authors:
Lieven Desmet;Wouter Joosen;Fabio Massacci;Katsiaryna Naliuka;Pieter Philippaerts;Frank Piessens;Dries Vanoverberghe
Affiliations:
-;-;-;-;-;-;-
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 7
Cited 7

History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
A flexible security architecture to support third-party applications on mobile devices

Proceedings of the 2007 ACM workshop on Computer security architecture
ConSpec -- A Formal Language for Policy Specification

Electronic Notes in Theoretical Computer Science (ENTCS)
Security-by-contract on the .NET platform

Information Security Tech. Report
Security enforcement aware software development

Information and Software Technology

Distributed data usage control for web applications: a social network implementation

Proceedings of the first ACM conference on Data and application security and privacy
Elective temporal logic

Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Gate automata-driven run-time enforcement

Computers & Mathematics with Applications
Deriving implementation-level policies for usage control enforcement

Proceedings of the second ACM conference on Data and Application Security and Privacy
Representation-Independent data usage control

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Idea: callee-site rewriting of sealed system libraries

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Model-Based usage control policy derivation

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes the S3MS.NET run time monitor, a tool that can enforce security policies expressed in a variety of policy languages for .NET desktop or mobile applications. The tool consists of two major parts: a bytecode inliner that rewrites .NET assemblies to insert calls to a policy decision point, and a policy compiler that compiles source policies to executable policy decision points. The tool supports both singlethreaded and multithreaded applications, and is sufficiently mature to be used on real-world applications. This paper describes the overall functionality and architecture of the tool, discusses its strengths and weaknesses, and reports on our experience with using the tool on case studies as well as in teaching.