A note on denial-of-service in operating systems
IEEE Transactions on Software Engineering
ACM Transactions on Information and System Security (TISSEC)
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Defining Liveness
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Policy-directed code safety
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Event-based runtime verification of java programs
WODA '05 Proceedings of the third international workshop on Dynamic analysis
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Relational queries over program traces
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
How secure is AOP and what can we do about it?
Proceedings of the 2006 international workshop on Software engineering for secure systems
The DaCapo benchmarks: java benchmarking development and analysis
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Policy enforcement via program monitoring
Policy enforcement via program monitoring
Making trace monitors feasible
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Aspect-oriented in-lined reference monitors
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Security Policy Enforcement in the OSGi Framework Using Aspect-Oriented Programming
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
Temporal Assertions using AspectJ
Electronic Notes in Theoretical Computer Science (ENTCS)
Rule Systems for Run-time Monitoring
Journal of Logic and Computation
An overview of the MOP runtime verification framework
International Journal on Software Tools for Technology Transfer (STTT) - Runtime Verification
Inlined monitors for security policy enforcement in web applications
Proceedings of the 17th Panhellenic Conference on Informatics
Hi-index | 0.00 |
Software security attacks represent an ever growing problem. One way to make software more secure is to use Inlined Reference Monitors (IRMs), which allow security specifications to be inlined inside a target program to ensure its compliance with the desired security specifications. The IRM approach has been developed primarily by the security community. Runtime Verification (RV), on the other hand, is a software engineering approach, which is intended to formally encode system specifications within a target program such that those specifications can be later enforced during the execution of the program. Until now, the IRM and RV approaches have lived separate lives; in particular RV techniques have not been applied to the security domain, being used instead to aid program correctness and testing. This paper discusses the usage of a formalism-generic RV system, JavaMOP, as a means to specify IRMs, leveraging the careful engineering of the JavaMOP system for ensuring secure operation of software in an efficient manner.