Notions of computation and monads
Information and Computation
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Typing a multi-language intermediate code
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Separating access control policy, enforcement, and functionality in extensible systems
ACM Transactions on Computer Systems (TOCS)
Java Virtual Machine Specification
Compiling for the .Net Common Language Runtime
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
A type-theoretic interpretation of pointcuts and advice
Science of Computer Programming - Special issue: Foundations of aspect-oriented programming
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Types and trace effects of higher order programs
Journal of Functional Programming
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
Composing expressive runtime security policies
ACM Transactions on Software Engineering and Methodology (TOSEM)
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
The confinement problem in the presence of faults
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
A run-time monitor is a program that runs in parallel with an untrusted application and examines actions from the application's instruction stream. If the sequence of program actions deviates from a specified security policy, the monitor transforms the sequence or terminates the program. We present the design and formal specification of a language for defining the policies enforced by program monitors. Our language provides a number of facilities for composing complex policies from simpler ones. We allow policies to be parameterized by values or other policies, and we define operators for forming the conjunction and disjunction of policies. Since the computations that implement these policies modify program behavior, naive composition of computations does not necessarily produce the conjunction (or disjunction) of the policies that the computations implement separately. We use a type and effect system to ensure that computations do not interfere with one another when they are composed.
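The interference problem the abstract describes, shown as an added example that is not code from the paper or its authors. Each policy is a small action-stream transformer; naive sequential composition lets one policy undo the other's edits, so the composite enforces neither policy's conjunction. The `observes`/`effects` declarations and the `checked_and` clash test are this example's own simplified stand-in for the paper's type and effect system (an assumption about its shape, not the paper's formalism), and the action names, policies and traces are constructed for illustration.

```python
"""Added example: composing run-time monitors as action-stream transformers."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# A step rewrites one action into zero or more emitted actions, using shared state.
Step = Callable[[str, Dict[str, int]], List[str]]


@dataclass(frozen=True)
class Policy:
    """A monitor policy with assumed effect annotations.

    observes: action names the policy inspects to decide what to do.
    effects:  action names the policy may insert into or drop from the stream.
    These two sets are this example's stand-in for the paper's effect types.
    """
    name: str
    step: Step
    observes: Set[str]
    effects: Set[str]


def run(policy: Policy, trace: List[str]) -> List[str]:
    """Feed a trace of program actions through a policy; return the edited trace."""
    state: Dict[str, int] = {}
    out: List[str] = []
    for action in trace:
        out.extend(policy.step(action, state))
    return out


def naive_and(p: Policy, q: Policy) -> Policy:
    """Sequential composition: q edits whatever p emits. No interference check."""
    def step(action: str, state: Dict[str, int]) -> List[str]:
        emitted: List[str] = []
        for a in p.step(action, state):
            emitted.extend(q.step(a, state))
        return emitted
    return Policy(f"{p.name}&{q.name}", step, p.observes | q.observes, p.effects | q.effects)


def checked_and(p: Policy, q: Policy) -> Policy:
    """Composition guarded by an effect check (assumed rule): refuse when one
    policy's edits touch actions the other observes, because the composite
    then need not enforce both policies."""
    clash = (p.effects & q.observes) | (q.effects & p.observes)
    if clash:
        raise TypeError(f"{p.name} and {q.name} interfere on {sorted(clash)}")
    return naive_and(p, q)


# --- constructed policies -------------------------------------------------
def _log_writes(action: str, state: Dict[str, int]) -> List[str]:
    # Insert a "log" action before every "write"; everything else passes through.
    return ["log", action] if action == "write" else [action]


def _limit_logs(action: str, state: Dict[str, int]) -> List[str]:
    # Allow at most one "log" per run; later "log" actions are dropped.
    if action == "log":
        state["logs_seen"] = state.get("logs_seen", 0) + 1
        if state["logs_seen"] > 1:
            return []
    return [action]


def _deny_delete(action: str, state: Dict[str, int]) -> List[str]:
    # Suppress every "delete" action.
    return [] if action == "delete" else [action]


LOG_WRITES = Policy("log_writes", _log_writes, observes={"write"}, effects={"log"})
LIMIT_LOGS = Policy("limit_logs", _limit_logs, observes={"log"}, effects={"log"})
DENY_DELETE = Policy("deny_delete", _deny_delete, observes={"delete"}, effects={"delete"})


# --- the properties each policy is meant to guarantee on its output --------
def every_write_logged(trace: List[str]) -> bool:
    return all(i > 0 and trace[i - 1] == "log"
               for i, a in enumerate(trace) if a == "write")


def at_most_one_log(trace: List[str]) -> bool:
    return trace.count("log") <= 1


def no_delete(trace: List[str]) -> bool:
    return "delete" not in trace


if __name__ == "__main__":
    # Constructed trace: two writes. LIMIT_LOGS drops the second inserted "log",
    # so the naive composite no longer satisfies LOG_WRITES's own property.
    out = run(naive_and(LOG_WRITES, LIMIT_LOGS), ["write", "write"])
    print(out, every_write_logged(out), at_most_one_log(out))
    try:
        checked_and(LOG_WRITES, LIMIT_LOGS)
    except TypeError as e:
        print("rejected:", e)
    out = run(checked_and(LOG_WRITES, DENY_DELETE), ["write", "delete", "write"])
    print(out, every_write_logged(out), no_delete(out))
```

On the two-write trace the naive composite emits `log, write, write`: the second write is unlogged, so the composite does not enforce the conjunction even though each policy enforces its property alone. `checked_and` rejects that pair because `log_writes` inserts the very action `limit_logs` observes, while `log_writes` and `deny_delete` pass the check and their composite satisfies both properties.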