
Security Monitor Inlining for Multithreaded Java

  • Conference paper
ECOOP 2009 – Object-Oriented Programming (ECOOP 2009)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5653)


Abstract

Program monitoring is a well-established and efficient approach to security policy enforcement. An implementation of program monitoring that is particularly appealing for application-level policy enforcement is monitor inlining: the application is rewritten to push monitoring and policy enforcement code into the application itself. The intention is that the inserted code enforces compliance with the policy (security), and otherwise interferes with the application as little as possible (conservativity and transparency).

For sequential Java-like languages, provably correct inlining algorithms have been proposed, but for the multithreaded setting this is still an open problem. We show that no inliner for multithreaded Java can be both secure and transparent. It is, however, possible to identify a broad class of policies for which all three correctness criteria can be obtained. We propose an inliner that is correct for such policies, implement it for Java, and show that it is practical by reporting on some benchmarks.
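To make the three criteria concrete, the following is an added illustration (not code from the paper or its inliner) of what an inliner emits around a security-relevant call, for a constructed policy with a BEFORE clause: "no network connection may be opened once any local file has been read". The class and method names, the host, and the policy are all assumptions made for this example; the two inlined variants show the secure-versus-transparent trade-off that the abstract's impossibility result is about.

```java
import java.io.IOException;
import java.net.Socket;

/** Added illustration; not code from the paper. The policy state is global,
 *  so every thread's monitored call consults (and may update) the same object. */
public final class InlinedMonitorDemo {
    static final class SecurityState {
        private boolean fileRead = false;
        synchronized void noteFileRead() { fileRead = true; }      // BEFORE FileInputStream.<init>
        synchronized void checkConnect(String host) {              // BEFORE Socket.<init>
            if (fileRead) throw new SecurityException("connect(" + host + ") after file read");
        }
    }
    static final SecurityState STATE = new SecurityState();

    /** Original application code, before rewriting. */
    static void connectOriginal(String host) throws IOException {
        new Socket(host, 80).close();
    }

    /** Inliner output, naive form: the BEFORE clause is emitted in front of the call.
     *  Between checkConnect and the Socket constructor another thread may run
     *  noteFileRead, so the actual API-call order "file read, then connect" is
     *  exactly what the policy forbids, yet the monitor approved it. This form adds
     *  no blocking (transparent) but is not secure for this interleaving. */
    static void connectInlined(String host) throws IOException {
        STATE.checkConnect(host);
        new Socket(host, 80).close();
    }

    /** Inliner output, locked form: the state lock is held across the call itself
     *  (synchronized methods lock STATE, so this is the same lock). Check and call
     *  are now atomic with respect to the policy state (secure), but every other
     *  thread's file read is blocked for as long as this connect takes, and if the
     *  call waits on a thread that itself needs the lock, the program deadlocks:
     *  the rewritten program no longer behaves like the original (not transparent). */
    static void connectInlinedLocked(String host) throws IOException {
        synchronized (STATE) {
            STATE.checkConnect(host);
            new Socket(host, 80).close();
        }
    }

    public static void main(String[] args) throws IOException {
        STATE.noteFileRead();                  // simulates an inlined file-read event
        try {
            connectInlined("example.invalid");  // constructed host; violation is caught
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```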




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dam, M., Jacobs, B., Lundblad, A., Piessens, F. (2009). Security Monitor Inlining for Multithreaded Java. In: Drossopoulou, S. (eds) ECOOP 2009 – Object-Oriented Programming. ECOOP 2009. Lecture Notes in Computer Science, vol 5653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03013-0_25


  • DOI: https://doi.org/10.1007/978-3-642-03013-0_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03012-3

  • Online ISBN: 978-3-642-03013-0

  • eBook Packages: Computer Science (R0)
