A thread monitoring system for multithreaded Java programs
ACM SIGPLAN Notices
Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
A flexible security architecture to support third-party applications on mobile devices
Proceedings of the 2007 ACM workshop on Computer security architecture
A Virtual Machine Based Information Flow Control System for Policy Enforcement
Electronic Notes in Theoretical Computer Science (ENTCS)
ConSpec -- A Formal Language for Policy Specification
Electronic Notes in Theoretical Computer Science (ENTCS)
Security-by-contract on the .NET platform
Information Security Tech. Report
Aspect-oriented in-lined reference monitors
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Verified enforcement of stateful information release policies
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
A Caller-Side Inline Reference Monitor for an Object-Oriented Intermediate Language
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
ConSpec – A formal language for policy specification
Science of Computer Programming
Verified enforcement of stateful information release policies
ACM SIGPLAN Notices
Composing expressive runtime security policies
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 2009 ACM symposium on Applied Computing
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Security enforcement aware software development
Information and Software Technology
Security Monitor Inlining for Multithreaded Java
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Electronic Notes in Theoretical Computer Science (ENTCS)
Generating In-Line Monitors for Rabin Automata
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
International Journal of Information and Computer Security
Provably correct inline monitoring for multithreaded Java-like programs
Journal of Computer Security - EU-Funded ICT Research on Trust and Security
JACK: a tool for validation of security and behaviour of Java applications
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
On run-time enforcement of policies
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Automata-based confidentiality monitoring
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Enhancing Java security with history based access control
Foundations of security analysis and design IV
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
A theory of runtime enforcement, with results
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Flexible in-lined reference monitor certification: challenges and future directions
Proceedings of the 5th ACM workshop on Programming languages meets program verification
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
ADsafety: type-based verification of JavaScript Sandboxing
SEC'11 Proceedings of the 20th USENIX conference on Security
An exception monitoring system for java
RISE'04 Proceedings of the First international conference on Rapid Integration of Software Engineering Techniques
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Capabilities for information flow
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Aspect-Oriented runtime monitor certification
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Enforceable security policies revisited
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Security-policy monitoring and enforcement with JavaMOP
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
On-the-Fly inlining of dynamic dependency monitors for secure information flow
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Enhancing javascript with transactions
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
TreeDroid: a tree automaton based approach to enforcing data processing policies
Proceedings of the 2012 ACM conference on Computer and communications security
Challenges in defining a programming language for provably correct dynamic analyses
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
AppGuard: enforcing user requirements on android apps
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
RetroSkeleton: retrofitting android apps
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
Enforceable Security Policies Revisited
ACM Transactions on Information and System Security (TISSEC)
Inlined monitors for security policy enforcement in web applications
Proceedings of the 17th Panhellenic Conference on Informatics
Flexible access control for javascript
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Iterative enforcement by suppression: Towards practical enforcement theories
Journal of Computer Security - ARSPA-WITS'10
Embedding security enforcement code into applications is an alternative to traditional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible general-purpose enforcement of security policies, and they are especially well suited for extensible systems and other non-traditional platforms. IRMs can exhibit similar, or even better, performance than previous approaches and can help increase assurance by contributing little to the size of a trusted computing base. Moreover, IRMs' agility in distributed settings allows for their cost-effective and trustworthy deployment in many scenarios. In this dissertation, IRM implementations are derived from formal automata-based specifications of security policies. Then, an IRM toolkit for Java is described in detail. This Java IRM toolkit uses an imperative policy language that allows a security policy, in combination with the details of its enforcement, to be given in a single complete specification. Various example policies, including the stack-inspection policy of Java, illustrate the approach. These examples shed light on practical issues in policy specification, the support needed from an IRM toolkit, and the advantages of the IRM approach.