History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
ACM Transactions on Information and System Security (TISSEC)
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
A flexible security architecture to support third-party applications on mobile devices
Proceedings of the 2007 ACM workshop on Computer security architecture
ConSpec -- A Formal Language for Policy Specification
Electronic Notes in Theoretical Computer Science (ENTCS)
Security-by-contract on the .NET platform
Information Security Tech. Report
Security enforcement aware software development
Information and Software Technology
Distributed data usage control for web applications: a social network implementation
Proceedings of the first ACM conference on Data and application security and privacy
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Gate automata-driven run-time enforcement
Computers & Mathematics with Applications
Deriving implementation-level policies for usage control enforcement
Proceedings of the second ACM conference on Data and Application Security and Privacy
Representation-Independent data usage control
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Idea: callee-site rewriting of sealed system libraries
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Model-Based usage control policy derivation
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
This paper describes the S3MS.NET run time monitor, a tool that can enforce security policies expressed in a variety of policy languages for .NET desktop or mobile applications. The tool consists of two major parts: a bytecode inliner that rewrites .NET assemblies to insert calls to a policy decision point, and a policy compiler that compiles source policies to executable policy decision points. The tool supports both singlethreaded and multithreaded applications, and is sufficiently mature to be used on real-world applications. This paper describes the overall functionality and architecture of the tool, discusses its strengths and weaknesses, and reports on our experience with using the tool on case studies as well as in teaching.