Automatic verification of finite-state concurrent systems using temporal logic specifications
ACM Transactions on Programming Languages and Systems (TOPLAS)
The minimum consistent DFA problem cannot be approximated within any polynomial
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
ACM Transactions on Information and System Security (TISSEC)
A note on the confinement problem
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
A simple method for extracting models for protocol code
ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Simple, state-based approaches to program-based anomaly detection
ACM Transactions on Information and System Security (TISSEC)
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
FORTE XII / PSTV XIX '99 Proceedings of the IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX)
C Wolf - A Toolset for Extracting Models from C Programs
FORTE '02 Proceedings of the 22nd IFIP WG 6.1 International Conference Houston on Formal Techniques for Networked and Distributed Systems
Temporal-Safety Proofs for Systems Code
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Empowering mobile code using expressive security policies
Proceedings of the 2002 workshop on New security paradigms
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Policy-directed code safety
Intrusion detection/prevention using behavior specifications
An Approach for Secure Software Installation
LISA '02 Proceedings of the 16th USENIX conference on System administration
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems
Fixed- vs. variable-length patterns for detecting suspicious process behavior
Journal of Computer Security
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
A high performance Kernel-Less Operating System architecture
ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
System Call Monitoring Using Authenticated System Calls
IEEE Transactions on Dependable and Secure Computing
ROST: Remote and hot service deployment with trustworthiness in CROWN Grid
Future Generation Computer Systems
Correlating multi-session attacks via replay
HOTDEP'06 Proceedings of the 2nd conference on Hot Topics in System Dependability - Volume 2
Supporting Security Monitor-Aware Development
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Rapid file system development using ptrace
Proceedings of the 2007 workshop on Experimental computer science
Security-by-contract for web services
Proceedings of the 2007 ACM workshop on Secure web services
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
A compact aspect-based security monitor for J2ME applications
CompSysTech '07 Proceedings of the 2007 international conference on Computer systems and technologies
ConSpec -- A Formal Language for Policy Specification
Electronic Notes in Theoretical Computer Science (ENTCS)
Switchblade: enforcing dynamic personalized system call models
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
CMV: automatic verification of complete mediation for java virtual machines
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Simulating midlet's security claims with automata modulo theory
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Extensible Web Browser Security
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Expanding Malware Defense by Securing Software Installations
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Message Quality for Ambient System Security
ADHOC-NOW '08 Proceedings of the 7th international conference on Ad-hoc, Mobile and Wireless Networks
ConSpec – A formal language for policy specification
Science of Computer Programming
Tiered fault tolerance for long-term integrity
FAST '09 Proceedings of the 7th conference on File and storage technologies
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Do You Really Mean What You Actually Enforced?
Formal Aspects in Security and Trust
Security enforcement aware software development
Information and Software Technology
Combining Static Model Checking with Dynamic Enforcement Using the Statecall Policy Language
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
An Abstract Interpretation-based Approach to Mobile Code Safety
Electronic Notes in Theoretical Computer Science (ENTCS)
Exploiting execution context for the detection of anomalous system calls
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
AFID: an automated approach to collecting software faults
Automated Software Engineering
Proceedings of the IEEE/ACM international conference on Automated software engineering
Small trusted primitives for dependable systems
ACM SIGOPS Operating Systems Review
Artificial malware immunization based on dynamically assigned sense of self
ISC'10 Proceedings of the 13th international conference on Information security
On the challenge of delivering high-performance, dependable, model-checked internet servers
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
A framework for analyzing programs written in proprietary languages
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Reduced certificates for abstraction-carrying code
ICLP'06 Proceedings of the 22nd international conference on Logic Programming
Modelling mobility aspects of security policies
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Environment-sensitive intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Can we support applications' evolution in multi-application smart cards by security-by-contract?
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
SP 800-28 Version 2. Guidelines on Active Content and Mobile Code
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Java card architecture for autonomous yet secure evolution of smart cards applications
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Verifiable control flow policies for java bytecode
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Pre-execution security policy assessment of remotely defined BPEL-based grid processes
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Security-by-contract: toward a semantics for digital signatures on mobile code
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Dependability in dynamic, evolving and heterogeneous systems: the connect approach
Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems
Process firewalls: protecting processes during resource access
Proceedings of the 8th ACM European Conference on Computer Systems
A portable user-level approach for system-wide integrity protection
Proceedings of the 29th Annual Computer Security Applications Conference
This paper presents a new approach called model-carrying code (MCC) for safe execution of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped with a concise high-level model of its security-relevant behavior. This model helps bridge the gap between high-level security policies and low-level binary code, thereby enabling analyses which would otherwise be impractical. For instance, users can use a fully automated verification procedure to determine if the code satisfies their security policies. Alternatively, an automated procedure can sift through a catalog of acceptable policies to identify one that is compatible with the model. Once a suitable policy is selected, MCC guarantees that the policy will not be violated by the code. Unlike previous approaches, the MCC framework enables code producers and consumers to collaborate in order to achieve safety. Moreover, it provides support for policy selection as well as enforcement. Finally, MCC makes no assumptions regarding the inherent risks associated with untrusted code. It simply provides the tools that enable a consumer to make informed decisions about the risk that he/she is willing to tolerate so as to benefit from the functionality offered by an untrusted application.