Abstract
Monitoring untrusted code for harmful behaviour is an important security problem. Many approaches have been proposed for restricting the activities and reach of untrusted code; among these, run-time monitoring is a promising way of constraining the run-time behaviour of programs. In this paper we describe a method for containing the effects of untrusted code with respect to a specified policy. We use a guarded-command-like language for specifying policies that monitor the system calls, APIs or library routines of the underlying system, and we discuss a system-call monitoring architecture for an operating system such as Linux. We give the semantics of the language in terms of security automata and show how pure-past temporal properties can be compiled automatically into guarded-command policies. This lets users specify policies as logical formulae and generate the corresponding monitoring algorithm, expressed as guarded commands, automatically. Finally, we show how simple modifications allow constraints to be placed on the overall behaviour of a group of processes.
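The abstract describes three things a practitioner would want to see fit together: a pure-past temporal property, its compilation into a guarded-command monitor, and security-automaton enforcement over system calls, with state shared by a group of processes. The following is an added example written for this page; it is not code from the paper and does not reproduce the authors' compilation algorithm. It uses the textbook recurrence-based translation of past-time operators (one remembered bit per temporal subformula). The policy, the directory `/etc/secret/`, the atom names `connect` and `open_secret`, and the sample trace are all hypothetical and constructed for illustration.

```python
"""Added example (not from the paper): a pure-past LTL formula compiled into an
incremental monitor, enforced as a security automaton over a syscall trace.
Policy, paths and trace below are hypothetical / constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Formulas are nested tuples:
#   ('atom', name) | ('not', f) | ('and', f, g) | ('or', f, g)
#   ('Y', f)    yesterday   Y(f)_t    = f_{t-1}
#   ('O', f)    once        O(f)_t    = f_t or O(f)_{t-1}
#   ('S', f, g) since       (f S g)_t = g_t or (f_t and (f S g)_{t-1})
Formula = tuple


class PastMonitor:
    """Evaluates a pure-past formula one event at a time. Each temporal
    subformula keeps one bit from the previous step, so a step is linear in
    the formula size and no trace history is stored (standard recurrence
    compilation, not the paper's own algorithm)."""

    def __init__(self, formula: Formula) -> None:
        self.formula = formula
        self.prev: Dict[Formula, bool] = {}   # memory bits, empty before step 0

    def step(self, atoms: Dict[str, bool]) -> bool:
        cur: Dict[Formula, bool] = {}

        def ev(f: Formula) -> bool:
            if f in cur:
                return cur[f]
            op = f[0]
            if op == 'atom':
                v = atoms.get(f[1], False)
            elif op == 'not':
                v = not ev(f[1])
            elif op == 'and':                 # evaluate both sides: no short-circuit,
                l, r = ev(f[1]), ev(f[2])     # every temporal bit must be refreshed
                v = l and r
            elif op == 'or':
                l, r = ev(f[1]), ev(f[2])
                v = l or r
            elif op == 'Y':
                ev(f[1])                      # operand value is what gets remembered
                v = self.prev.get(f, False)   # Y is false at the first event
            elif op == 'O':
                v = ev(f[1]) or self.prev.get(f, False)
            elif op == 'S':
                g, p = ev(f[2]), ev(f[1])
                v = g or (p and self.prev.get(f, False))
            else:
                raise ValueError(f"unknown operator {op!r}")
            cur[f] = v
            return v

        result = ev(self.formula)
        for f, v in cur.items():              # commit memory after full evaluation
            if f[0] == 'Y':
                self.prev[f] = cur[f[1]]
            elif f[0] in ('O', 'S'):
                self.prev[f] = v
        return result


@dataclass(frozen=True)
class Event:
    pid: int
    syscall: str
    args: Tuple[str, ...] = ()


SECRET_DIR = "/etc/secret/"   # hypothetical sensitive directory


def atoms_of(ev: Event) -> Dict[str, bool]:
    """Map one system-call event to the propositions the policy mentions."""
    return {
        "connect": ev.syscall == "connect",
        "open_secret": ev.syscall == "open" and bool(ev.args)
                       and ev.args[0].startswith(SECRET_DIR),
    }


# Hypothetical policy:  connect -> not Once(open_secret)
# No member of the group may connect() after any member opened a secret file.
POLICY: Formula = ('or', ('not', ('atom', 'connect')),
                         ('not', ('O', ('atom', 'open_secret'))))


class SecurityAutomaton:
    """Guard: the compiled formula holds on the current event -> allow it.
    Otherwise there is no transition and the automaton halts, truncating the
    trace at the offending call. One instance per process group makes all
    members share the same memory bits (the group-wide constraint)."""

    def __init__(self, policy: Formula) -> None:
        self.monitor = PastMonitor(policy)

    def enforce(self, trace: List[Event]) -> Tuple[List[Event], Optional[Event]]:
        allowed: List[Event] = []
        for ev in trace:
            if not self.monitor.step(atoms_of(ev)):
                return allowed, ev            # first violating call
            allowed.append(ev)
        return allowed, None


TRACE: List[Event] = [   # constructed trace for process group {100, 101}
    Event(100, "open", ("/etc/hostname",)),
    Event(100, "connect", ("10.0.0.5:443",)),      # allowed: no secret opened yet
    Event(101, "open", ("/etc/secret/db.key",)),   # sets Once(open_secret) for the group
    Event(101, "close", ("3",)),
    Event(100, "connect", ("203.0.113.9:80",)),    # violation: sibling read the secret
    Event(100, "exit"),
]


def run_example() -> Tuple[List[Event], Optional[Event]]:
    return SecurityAutomaton(POLICY).enforce(TRACE)


if __name__ == "__main__":
    ok, bad = run_example()
    print(f"allowed {len(ok)} call(s); halted at: {bad}")
```

The point to notice is that the monitor never stores the trace: `Once(open_secret)` is a single bit, and the group property comes for free by keying the automaton on the process group rather than on the pid. A real system-call interposition layer (ptrace, seccomp-bpf user notification, or an in-kernel hook) would call `step()` once per intercepted call and kill or fail the call when it returns false.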
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Shah, H., Shyamasundar, R.K. (2007). On Run-Time Enforcement of Policies. In: Cervesato, I. (ed.) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol. 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_26
DOI: https://doi.org/10.1007/978-3-540-76929-3_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3