A technique for elegantly expressing In-lined Reference Monitor (IRM) certification as model-checking is presented and implemented. IRMs enforce software security policies by in-lining dynamic security guards into untrusted binary code. Certifying IRM systems provide strong formal guarantees for such systems by verifying that the instrumented code produced by the IRM system satisfies the original policy. Expressing this certification step as model-checking allows well-established model-checking technologies to be applied to this often difficult certification task. The technique is demonstrated through the enforcement and certification of a URL anti-redirection policy for ActionScript web applets.