Skip to main content
Springer Nature Link
Log in

Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

  • Conference paper
Information Security Practice and Experience (ISPEC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4991))

Abstract

Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.

This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Cervesato, I. (ed.) Foundations of Computer Security: Proceedings of the FLoC 2002 workshop on Foundations of Computer Security, Copenhagen, Denmark, DIKU Technical Report, July 25–26, pp. 95–104 (2002)

    Google Scholar 

  2. Bauer, L., Ligatti, J., Walker, D.: A language and system for composing security policies. Technical Report TR-699-04, Princeton University (January 2004)

    Google Scholar 

  3. Bauer, L., Ligatti, J., Walker, D.: Composing security policies with Polymer. In: PLDI 2005: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, New York, NY, USA, pp. 305–314. ACM, New York (2005)

    Chapter  Google Scholar 

  4. Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: ICSE 1999: Proceedings of the 21st international conference on Software engineering, Los Alamitos, CA, USA, pp. 411–420. IEEE Computer Society Press, Los Alamitos (1999)

    Google Scholar 

  5. Edjlali, G., Acharya, A., Chaudhary, V.: History-based access-control for mobile code. Technical report, University of California at Santa Barbara, Santa Barbara, CA, USA (1998)

    Google Scholar 

  6. Erlingsson, U., Schneider, F.B.: IRM enforcement of Java stack inspection. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy (SP 2000), Washington, DC, USA, p. 246. IEEE Computer Society, Los Alamitos (2000)

    Google Scholar 

  7. Evans, D., Twyman, A.: Flexible policy-directed code safety. In: IEEE Symposium on Security and Privacy, pp. 32–45. IEEE Computer Society Press, Los Alamitos (1999)

    Google Scholar 

  8. Farmer, D., Venema, W.: Forensic Discovery. Professional Computing Series. Addison-Wesley, Reading (2004)

    Google Scholar 

  9. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1–2), 2–16 (2005)

    Article  Google Scholar 

  10. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering Methodology 9(4), 410–442 (2000)

    Article  Google Scholar 

  11. Provos, N.: Improving host security with system call policies. In: Paxson, V. (ed.) Proceedings of 12th USENIX Security Symposium, Washington, DC, USENIX, pp. 128–146 (August 2003)

    Google Scholar 

  12. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

    Article  Google Scholar 

  13. Sekar, R., Uppuluri, P.: Synthesizing fast intrusion prevention/detection systems from high-level specifications. In: SSYM 1999: Proceedings of the 8th conference on USENIX Security Symposium, Berkeley, CA, USA, p. 6. USENIX Association (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University of Birmingham, Edgbaston, Birmingham, UK, B15 2TT

    Andrew Brown & Mark Ryan

Authors
  1. Andrew Brown
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Ryan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Liqun Chen Yi Mu Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brown, A., Ryan, M. (2008). Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-79104-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-79103-4

  • Online ISBN: 978-3-540-79104-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics