Run-time enforcement of nonsafety policies

ACM Transactions on Information and System Security

Volumn 12, Issue 3, 2009, Pages

  Ligatti, Jay ^a   Bauer, Lujo ^b   Walker, David ^c  

^a UNIVERSITY OF SOUTH FLORIDA   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

^c PRINCETON UNIVERSITY   (United States)

Author keywords

Liveness; Monitoring; Policy enforcement; Safety; Security automata; Security policies

Indexed keywords

LIVENESS; MONITORING; POLICY ENFORCEMENT; SAFETY; SECURITY AUTOMATA; SECURITY POLICIES;

TRANSLATION (LANGUAGES);

SECURITY SYSTEMS;

EID: 60349103393     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1455526.1455532     Document Type: Article

References (55)

1. ABADI, M. AND FOURNET, C. 2003. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Symposium (NDSS'03).
2. ABADI, M. AND LAMPORT, L. 1993. Composing specifications. ACM Trans. Program. Lang. Syst. 15, 1, 73-132.
3. AKTUG, I., DAM, M., AND GUROV, D. 2008. Provably correct runtime monitoring. In Proceedings of the 15th International Symposium on Formal Methods (FM'08). 262-277.
4. ALPERN, B. AND SCHNEIDER, F. B. 1985. Defining liveness. Inform. Process. Lett. 21, 4, 181-185.
5. ALPERN, B. AND SCHNEIDER, F. B. 1987. Recognizing safety and liveness. Distrib. Comput. 2, 117-126.
6. BAUER, L., LIGATTI, J., AND WALKER, D. 2002. More enforceable security policies. In Proceedings of the Annual Symposium on Foundations of Computer Security (FOCS'02). Copenhagen, Denmark.
7. BAUER, L., LIGATTI, J., AND WALKER, D. 2003. Types and effects for non-interfering program monitors. In Proceedings of the Software Security-Theories and Systems. Mext-NSF-JSPS International Symposium, (ISSS'02). Tokyo, Japan, Revised Papers, M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa, Eds. Lecture Notes in Computer Science, vol. 2609. Springer.
8. BAUER, L., LIGATTI, J., AND WALKER, D. 2005a. Composing security policies with Polymer. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI'05).
9. BAUER, L., LIGATTI, J., AND WALKER, D. 2005b. Polymer: A language for composing run-time security policies. http://www.cs.princeton.edu/sip/projects/polymer/.
10. BIBA, K. J. 1975. Integrity considerations for secure computer systems. Tech. rep. ESD-TR-76-372, MITRE Corporation.
11. BONATTI, P., DI VIMEECATI, S. D. C., AND SAMARATI, P. 2002. An algebra for composing access control policies. ACM Trans. Inform. Syst. Secur. 5, 1, 1-35.
12. BREWER, D. F. C. AND NASH, M. J. 1989. The Chinese Wall security policy. In Proceedings of the IEEE Symposium on Security and Privacy (SP'89). 206-214.
13. BÜCHI, J. R. 1962. On a decision method in restricted second order arithmetic. In Proceedings of the 1960 International Congress on Logic, Methodology, and Philosophy of Science (CLMPS'60). 1-11.
14. DAMIANOU, N., DULAY, N., LUPU, E., AND SLOMAN, M. 2001. The Ponder policy specification language. Lecture Notes in Computer Science, vol. 1995, 18-39.
15. EDJLALI, G., ACHARYA, A., AND CHAUDHARY, V. 1998. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS'98). 38-48.
16. ELMASEI, R. AND NAVATHE, S. B. 1994. Fundamentals of Database Systems. The Benjamin/Cummings Publishing Company, Inc.
17. EELINGSSON, U. 2004. The inlined reference monitor approach to security policy enforcement. Ph.D. thesis, Cornell University.
18. EELINGSSON, U. AND SCHNEIDER, F. B. 1999. SASI enforcement of security policies: A retrospective. In Proceedings of the New Security Paradigms Workshop (NSPW'99). 87-95.
19. EELINGSSON, U. AND SCHNEIDEE, F. B. 2000. IRM enforcement of Java stack inspection. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (SP'00).
20. EVANS, D. 2000. Policy-directed code safety. Ph.D. thesis, Massachusetts Institute of Technology.
21. EVANS, D. AND TWYMAN, A. 1999. Flexible policy-directed code safety. In Proceedings of the IEEE Symposium on Security and Privacy (SP'99).
22. FONG, P. W. L. 2004. Access control by tracking shallow execution history. In Proceedings of the IEEE Symposium on Security and Privacy (SP'04).
23. HAMLEN, K. 2006. Security policy enforcement by automated program-rewriting. Ph.D. thesis, Cornell University.
24. HAMLEN, K., MOEEISETT, G., AND SCHNEIDER, F. B. 2006a. Computability classes for enforcement mechanisms. ACM Trans. Progam. Lang. Syst. 28, 1, 175-205.
25. HAMLEN, K. W., MORRISETT, G., AND SCHNEIDER, F. B. 2006b. Certified in-lined reference monitoring on. NET In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS'06). 7-16.
26. HAEEIS, T., MAELOW, S., JONES, S. L. P., AND HEELIHY, M. 2005. Composable memory transactions. In Proceedings of the ACM Symposium on Principles & Practice of Parallel Programming (PPoPP'05). 48-60.
27. HAVELUND, K. AND ROŞU, G. 2004. Efficient monitoring of safety properties. Int. J. Softw. Tools Technol. Trans. 6, 2, 158-173.
28. JEFFERY, C., ZHOU, W., TEMPLER, K., AND BEAZELL, M. 1998. A lightweight architecture for program execution monitoring. In Proceedings of the Program Analysis for Software Tools and Engineering. ACM Press, 67-74.
29. KIM, M., KANNAN, S., LEE, I., SOKOLSKY, O., AND VISWANTATHAN, M. 2002. Computational analysis of run-time monitoring-fundamentals of Java-MaC. In Proceedings of the 2nd International Workshop on Runtime Verification (RV'02).
30. KIM, M., VISWANATHAN, M., BEN-A BDALLAH, H., KANNAN, S., LEE, I., AND SOKOLSKY, O. 1999. Formally specified monitoring of temporal properties. In Proceedings of the 11th Euromicro Conference on Real-Time Systems (ECRTS'99).
31. LAMPOET, L. 1977. Proving the correctness of multiprocess programs. IEEE Trans. Softw. Engin. 3, 2, 125-143.
32. LIAO, Y. AND COHEND. 1992. A specificational approach to high level program monitoring and measuring. IEEE Trans. Softw. Engin. 18, 11, 969-978.
33. LIGATTI, J. 2006. Policy enforcement via program monitoring. Ph.D. thesis, Princeton University.
34. LIGATTI, J., BAUER, L., AND WALKER, D. 2003. Edit automata: Enforcement mechanisms for run-time security policies. Tech. rep. TR-681-03, Princeton University.
35. LIGATTI, J., BAUER, L., AND WALKER, D. 2005a. Edit automata: Enforcement mechanisms for run-time security policies. Int. J. Inform. Secur. 4, 1-2, 2-16.
36. LLGATTI, J., BAUER, L., AND WALKER, D. 2005b. Enforcing non-safety security policies with program monitors. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS'05).
37. LYNCH, N. A. AND TUTTLE, M. R. 1987. Hierarchical correctness proofs for distributed algorithms. In Proceedings of the 6th annual ACM Symposium on Principles of Distributed Computing (PODC'87). ACM Press, 137-151.
38. MANTEL, H. 2002. On the composition of secure systems. In Proceedings of the IEEE Symposium on Security and Privacy (SP'02). 88-101.
39. MAETINELLI, F. AND MATTEUCCI, I. 2007a. An approach for the specification, verification and synthesis of secure systems. Electron. Notes Theor. Comput. Sci. 168, 29-43.
40. MARTINELLI, F. AND MATTEUCCI, I. 2007b. Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31-46.
41. MARTINELLI, F. AND MORI, P. 2007. Enhancing Java security with history based access control. In Foundations of Security Analysis and Design.
42. MATTEUCCI, I. 2006. A tool for the synthesis of programmable controllers. In Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust (FAST'06).
43. MATTEUCCI, I. 2007. Automated synthesis of enforcing mechanisms for security properties in a timed setting. Electron. Notes Theor. Comput. Sci. 186, 101-120.
44. MCLEAN, J. 1996. A general theory of composition for a class of possibilistic properties. IEEE Trans. Softw. Engin. 22, 1, 53-67.
45. MILNER, R. 1978. Synthesis of communicating behaviour. In Mathematical Foundations of Computer Science. Lecture Notes in Computer Science, vol. 64. 71-83.
46. @PAXTON, W. H. 1979. A client-based transaction system to maintain data integrity. In Proceedings of the 7th ACM Symposium on Operating Systems Principles (OSP'79). ACM Press, 18-23.
47. ROBINSON, W. 2002. Monitoring software requirements using instrumented code. In Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02). 3967-3976.
48. SCHNEIDER, F. B. 1987. Decomposing properties into safety and liveness using predicate logic. Tech. rep. TR 87-874, Cornell University.
49. SCHNEIDER, F. B. 2000. Enforceable security policies. ACM Trans. Inform. Syst. Secur. 3, 1, 30-50.
50. SEN, K., VARDHAN, A., AGHA, G., AND ROSU, G. 2004. Efficient decentralized monitoring of safety in distributed systems. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04). 418-427.
51. SHAVIT, N. AND TOUITOU, D. 1995. Software transactional memory. In Proceedings of the ACM Symposium on Principles of Distributed Computing (PODC'95). 204-213.
52. VISWANATHAN, M. 2000. Foundations for the run-time analysis of software systems. Ph.D. thesis, University of Pennsylvania.
53. WAHBE, R., LUCCO, S., ANDERSON, T., AND GRAHAM, S. 1993. Efficient software-based fault isolation. In Proceedings of the 14th ACM Symposium on Operating Systems Principles (OSP'93). 203-216.
54. WALKER, D. 2000. A type system for expressive security policies. In Proceedings of the 27th ACM Symposium on Principles of Programming Languages (POPL'00). 254-267.
55. YU, D., CHANDER, A., ISLAM, N., AND SERIKOV, I. 2007. JavaScript instrumentation for browser security. In Proceedings of the 34th annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (SIGACT'07). 237-249.