Traditional approaches to protecting computer systems from malicious or otherwise misbehaving code typically involve (1) monitoring code for unacceptable behavior as it runs, or (2) detecting potentially misbehaving code and preventing it from running at all. These approaches are effective when unacceptable behavior can be detected in time to take remedial action, but in many settings, and for many important security policies, such detection is computationally expensive or provably impossible.

A third approach, termed in this dissertation program-rewriting, involves automatically rewriting code before it runs in such a way that acceptable behavior is preserved but unacceptable behavior is not. Rewritten code can be run without further analysis or monitoring because it is guaranteed to exhibit only acceptable behavior. Program-rewriting has received recent attention in the literature in the form of in-lined reference monitors, which implement approach (1) above by in-lining security checks directly into the code being monitored. Program-rewriting generalizes in-lined reference monitoring and encompasses many other strategies for automatically rewriting programs as well.

This dissertation provides a formal characterization of the class of security policies enforceable by program-rewriting and shows that it is strictly larger than the classes of policies enforceable by all other known approaches combined. The dissertation also presents the design and implementation of a certified program-rewriting system for the .NET Common Language Infrastructure, showing that program-rewriters can be developed for real architectures. The extra step of certification provides a formal proof that the program-rewriter produces code satisfying the security policy, yielding additional guarantees that the implementation is correct and higher levels of assurance.