Separating access control policy, enforcement, and functionality in extensible systems
ACM Transactions on Computer Systems (TOCS)
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
AngeL: a tool to disarm computer systems
Proceedings of the 2001 workshop on New security paradigms
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Stack inspection: Theory and variants
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Language-Based Approach to Security
Informatics - 10 Years Back. 10 Years Ahead.
BlueBoX: A policy-driven, host-based intrusion detection system
ACM Transactions on Information and System Security (TISSEC)
Using reflection as a mechanism for enforcing security policies on compiled code
Journal of Computer Security - Special issue on ESORICS 2000
Empowering mobile code using expressive security policies
Proceedings of the 2002 workshop on New security paradigms
A static type system for JVM access control
ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Program specialization for execution monitoring
Journal of Functional Programming
A tail-recursive machine with stack inspection
ACM Transactions on Programming Languages and Systems (TOPLAS)
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Symmetric behavior-based trust: a new paradigm for internet computing
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
PolyAML: a polymorphic aspect-oriented functional programming language
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Proceedings of the 12th ACM conference on Computer and communications security
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certified In-lined Reference Monitoring on .NET
Proceedings of the 2006 workshop on Programming languages and analysis for security
Static check analysis for Java stack inspection
ACM SIGPLAN Notices
Ad hoc extensibility and access control
ACM SIGOPS Operating Systems Review
A static type system for JVM access control
ACM Transactions on Programming Languages and Systems (TOPLAS)
Specifying and analyzing security automata using CSP-OZ
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Using web application construction frameworks to protect against code injection attacks
Proceedings of the 2007 workshop on Programming languages and analysis for security
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Supporting Security Monitor-Aware Development
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
BrowserShield: Vulnerability-driven filtering of dynamic HTML
ACM Transactions on the Web (TWEB)
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Utilizing Binary Rewriting for Improving End-Host Security
IEEE Transactions on Parallel and Distributed Systems
A flexible security architecture to support third-party applications on mobile devices
Proceedings of the 2007 ACM workshop on Computer security architecture
AspectML: A polymorphic aspect-oriented functional programming language
ACM Transactions on Programming Languages and Systems (TOPLAS)
An approach to synthesise safe systems
International Journal of Security and Networks
End-to-end web application security
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
CMV: automatic verification of complete mediation for java virtual machines
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Security-by-contract on the .NET platform
Information Security Tech. Report
Simulating midlet's security claims with automata modulo theory
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Provably Correct Runtime Monitoring
FM '08 Proceedings of the 15th international symposium on Formal Methods
A Caller-Side Inline Reference Monitor for an Object-Oriented Intermediate Language
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
JavaScript Instrumentation in Practice
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Execution monitoring enforcement for limited-memory systems
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Composing expressive runtime security policies
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 2009 ACM symposium on Applied Computing
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Security enforcement aware software development
Information and Software Technology
Modular string-sensitive permission analysis with demand-driven precision
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Security Monitor Inlining for Multithreaded Java
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Program Transformations under Dynamic Security Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Enforcing IRM security policies: two case studies
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
A permission system for secure AOP
Proceedings of the 9th International Conference on Aspect-Oriented Software Development
Isolating untrusted software extensions by custom scoping rules
Computer Languages, Systems and Structures
Visualization of permission checks in java using static analysis
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Types and effects for non-interfering program monitors
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Enforcing Java run-time properties using bytecode rewriting
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Computer security from a programming language and static analysis perspective
ESOP'03 Proceedings of the 12th European conference on Programming
Efficient and practical control flow monitoring for program security
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Synthesising monitors from high-level policies for the safe execution of untrusted software
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
COORDINATION'08 Proceedings of the 10th international conference on Coordination models and languages
Enhancing Java security with history based access control
Foundations of security analysis and design IV
FIRM: capability-based inline mediation of Flash behaviors
Proceedings of the 26th Annual Computer Security Applications Conference
Middleware support for complex and distributed security services in multi-tier web applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Engineering secure future internet services
The future internet
Garbage collection for monitoring parametric properties
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Runtime enforcement monitors: composition, synthesis, and enforcement abilities
Formal Methods in System Design
Formal enforcement of security policies on concurrent systems
Journal of Symbolic Computation
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Combining control-flow integrity and static analysis for efficient and validated data sandboxing
Proceedings of the 18th ACM conference on Computer and communications security
Interprocedural analysis for privileged code placement and tainted variable detection
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Discretionary capability confinement
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
HBAC: a model for history-based access control and its model checking
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A location-based policy-specification language for mobile devices
Pervasive and Mobile Computing
Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors
ACM Transactions on Information and System Security (TISSEC)
Enforceable security policies revisited
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Security-policy monitoring and enforcement with JavaMOP
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Secure programming via visibly pushdown safety games
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Leveraging "choice" to automate authorization hook placement
Proceedings of the 2012 ACM conference on Computer and communications security
Dynamic information flow control architecture for web applications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A case for "Piggyback" Runtime Monitoring
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
The specification and compilation of obligation policies for program monitoring
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Idea: callee-site rewriting of sealed system libraries
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
AppGuard: enforcing user requirements on android apps
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Secure and modular access control with aspects
Proceedings of the 12th annual international conference on Aspect-oriented software development
RetroSkeleton: retrofitting android apps
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
Enforceable Security Policies Revisited
ACM Transactions on Information and System Security (TISSEC)
Monitor integrity protection with space efficiency and separate compilation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Relational abstraction in community-based secure collaboration
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-flow restrictor: compiler-based CFI for iOS
Proceedings of the 29th Annual Computer Security Applications Conference
International Journal of High Performance Computing and Networking
Strato: a retargetable framework for low-level inlined-reference monitors
SEC'13 Proceedings of the 22nd USENIX conference on Security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
Two implementations are given for Java's stack-inspection access-control policy. Each implementation is obtained by generating an inlined reference monitor (IRM) for a different formulation of the policy. Performance of the implementations is evaluated, and one is found to be competitive with Java's less-flexible, JVM-resident implementation. The exercise illustrates the power of the IRM approach for enforcing security policies.