TIL: a type-directed optimizing compiler for ML
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Communicating and mobile systems: the &pgr;-calculus
Communicating and mobile systems: the &pgr;-calculus
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
An efficient context-free parsing algorithm
Communications of the ACM - Special 25th Anniversary Issue
Using Runtime Analysis to Guide Model Checking of Java Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Grammar-based analysis of string expressions
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Adding trace matching with free variables to AspectJ
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certified In-lined Reference Monitoring on .NET
Proceedings of the 2006 workshop on Programming languages and analysis for security
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
AspectML: A polymorphic aspect-oriented functional programming language
ACM Transactions on Programming Languages and Systems (TOPLAS)
Aspect-oriented in-lined reference monitors
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Racer: effective race detection using aspectj
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
ConSpec – A formal language for policy specification
Science of Computer Programming
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
Points-to analysis for JavaScript
Proceedings of the 2009 ACM symposium on Applied Computing
ActionScript bytecode verification with co-logic programming
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Abstract Parsing: Static Analysis of Dynamically Generated String Output Using LR-Parsing Technology
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dependent types and program equivalence
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Temporal Assertions using AspectJ
Electronic Notes in Theoretical Computer Science (ENTCS)
Disambiguating aspect-oriented security policies
Proceedings of the 9th International Conference on Aspect-Oriented Software Development
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
An analysis of the dynamic behavior of JavaScript programs
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Information Flow Monitor Inlining
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
FIRM: capability-based inline mediation of Flash behaviors
Proceedings of the 26th Annual Computer Security Applications Conference
ActionScript in-lined reference monitoring in prolog
PADL'10 Proceedings of the 12th international conference on Practical Aspects of Declarative Languages
Model-checking in-lined reference monitors
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
Java-MOP: a monitoring oriented programming environment for java
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Towards a type system for analyzing javascript programs
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Dynamic deadlock analysis of multi-threaded programs
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors
ACM Transactions on Information and System Security (TISSEC)
Aspect-Oriented runtime monitor certification
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Towards certified runtime verification
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Hi-index | 0.00 |
Over the last few years, in-lined reference monitors (IRM's) have gained much popularity as successful security enforcement mechanisms. Aspect-oriented programming (AOP) provides one elegant paradigm for implementing IRM frameworks. There is a foreseen need to enhance both AOP-style and non-AOP IRM's with static certification due to two main concerns. Firstly, the Trusted Computing Base (TCB) can grow large quickly in an AOP-style IRM framework. Secondly, in many practical settings, such as in the domain of web-security, aspectually encoded policy implementations and the rewriters that apply them to untrusted code are subject to frequent change. Replacing the rewriter with a small, light-weight, yet powerful certifier that is policy-independent and less subject to change addresses both these concerns. The goal of this paper is two-fold. First, interesting issues encountered in the process of building certification systems for IRM frameworks, such as policy specification, certifier soundness, and certifier completeness, are explored in the light of related work. In the second half of the paper, three prominent unsolved problems in the domain of IRM certification are examined: runtime code-generation via eval, IRM certification in the presence of concurrency, and formal verification of transparency. Promising directions suggested by recent work related to these problems are highlighted.