ACM Transactions on Information and System Security (TISSEC)
WMP '00 Proceedings of the Workshop on Multiset Processing: Multiset Processing, Mathematical, Computer Science, and Molecular Computing Points of View
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Foundations for the run-time analysis of software systems
Foundations for the run-time analysis of software systems
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Execution monitoring enforcement under memory-limitation constraints
Information and Computation
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
Policy Monitoring and a Finite State Automata Model
CSSE '08 Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 02
Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Security Policies Enforcement Using Finite Edit Automata
Electronic Notes in Theoretical Computer Science (ENTCS)
Using Edit Automata for Rewriting-Based Security Enforcement
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Towards Practical Enforcement Theories
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Generating In-Line Monitors for Rabin Automata
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Using equivalence relations for corrective enforcement of security policies
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
A theory of runtime enforcement, with results
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Flexible in-lined reference monitor certification: challenges and future directions
Proceedings of the 5th ACM workshop on Programming languages meets program verification
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Corrective enforcement of security policies
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
On locally checkable properties
LPAR'06 Proceedings of the 13th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
Do you really mean what you actually enforced?: Edited automata revisited
International Journal of Information Security
Efficient monitoring of ω-languages
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Information and Software Technology
Hi-index | 0.00 |
Runtime monitoring is an increasingly popular method to ensure the safe execution of untrusted codes. Monitors observe and transform the execution of these codes, responding when needed to correct or prevent a violation of a user-defined security policy. Prior research has shown that the set of properties monitors can enforce correlates with the latitude they are given to transform and alter the target execution. But for enforcement to be meaningful this capacity must be constrained, otherwise the monitor can enforce any property, but not necessarily in a manner that is useful or desirable. However, such constraints have not been significantly addressed in prior work. In this article, we develop a new paradigm of security policy enforcement in which the behavior of the enforcement mechanism is restricted to ensure that valid aspects present in the execution are preserved notwithstanding any transformation it may perform. These restrictions capture the desired behavior of valid executions of the program, and are stated by way of a preorder over sequences. The resulting model is closer than previous ones to what would be expected of a real-life monitor, from which we demand a minimal footprint on both valid and invalid executions. We illustrate this framework with examples of real-life security properties. Since several different enforcement alternatives of the same property are made possible by the flexibility of this type of enforcement, our study also provides metrics that allow the user to compare monitors objectively and choose the best enforcement paradigm for a given situation.