Generating In-Line Monitors for Rabin Automata

  • Conference paper
Identity and Privacy in the Internet Age (NordSec 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5838)

Abstract

A promising solution to the problem of securing potentially malicious mobile code lies in the use of program monitors. Such monitors can be in-lined into an untrusted program to produce instrumented code that provably satisfies the security policy. It is well known that enforcement mechanisms based on Schneider’s security automata only enforce safety properties [1]. Yet subsequent studies show that a wider range of properties than those implemented so far could be enforced using monitors. In this paper, we present an approach to produce a model of an instrumented program from a security requirement represented by a Rabin automaton and a model of the program. Based on a priori knowledge of the program behavior, this approach makes it possible to enforce, in some cases, more than safety properties. We provide a theorem stating that a truncation enforcement mechanism considering only the set of possible executions of a specific program is strictly more powerful than a mechanism considering all the executions over an alphabet of actions.

References

  1. Schneider, F.B.: Enforceable security policies. Information and System Security 3(1), 30–50 (2000)

  2. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Transactions on Programming Languages and Systems (TOPLAS) 28(1), 175–205 (2006)

  3. Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Proceedings of the Foundations of Computer Security Workshop, Copenhagen, Denmark (July 2002)

  4. Perrin, D., Pin, J.-É.: Infinite Words, ser. Pure and Applied Mathematics, vol. 141. Elsevier, Amsterdam (2004)

  5. Ramadge, P.J., Wonham, W.M.: The control of discrete event systems. IEEE Proceedings: Special issue on Discrete Event Systems 77(1), 81–97 (1989)

  6. Langar, M., Mejri, M.: Optimizing enforcement of security policies. In: Proceedings of the Foundations of Computer Security Workshop (FCS 2005) affiliated with LICS 2005 (Logics in Computer Science) (June-July 2005)

  7. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers, Principles, Techniques, and Tools. Addison-Wesley, Reading (1986)

  8. Beyer, D., Henzinger, T.A., Jhala, R., Majumdar, R.: The software model checker Blast: Applications to software engineering. International Journal on Software Tools for Technology Transfer (STTT) 9(5-6), 505–525 (2007)

  9. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security (2004)

  10. Ligatti, J., Bauer, L., Walker, D.: Enforcing non-safety security policies with program monitors. In: di de Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 355–373. Springer, Heidelberg (2005)

  11. Fong, P.: Access control by tracking shallow execution history. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, Oakland, California, USA (May 2004)

  12. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitations constraints. Information and Computation 206(1), 158–184 (2008)

  13. Bauer, A., Leucker, M., Schallhart, C.: Monitoring of real-time properties. In: Arun-Kumar, S., Garg, N. (eds.) FSTTCS 2006. LNCS, vol. 4337, pp. 260–272. Springer, Heidelberg (2006)

  14. Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: A retrospective. In: Proceedings of the WNSP: New Security Paradigms Workshop. ACM Press, New York (2000)

  15. Colcombet, T., Fradet, P.: Enforcing trace properties by program transformation. In: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (January 2000)

  16. Kim, M.: Information extraction for run-time formal analysis. Ph.D. dissertation, University of Pennsylvania (2001)

  17. Kim, M., Viswanathan, M., Kannan, S., Lee, I., Sokolsky, O.: Java-mac: A run-time assurance approach for java programs. Formal Methods in Systems Design 24(2), 129–155 (2004)

  18. Lee, I., Kannan, S., Kim, M., Sokolsky, O., Viswanathan, M.: Runtime assurance based on formal specifications. In: Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (1999)

  19. Sokolsky, O., Kannan, S., Kim, M., Lee, I., Viswanathan, M.: Steering of real-time systems based on monitoring and checking. In: Proceedings of the Fifth International Workshop on Object-Oriented Real-Time Dependable Systems, WORDS 1999, p. 11. IEEE Computer Society, Washington (1999)

  20. Erlingsson, U.: The inlined reference monitor approach to security policy enforcement. Ph.D. dissertation, Cornell University, Ithaca, NY, USA (2004)

  21. Tarjan, R.E.: Depth-first search and linear graph algorithms. SIAM Journal on Computing 1(2), 146–160 (1972)

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chabot, H., Khoury, R., Tawbi, N. (2009). Generating In-Line Monitors for Rabin Automata. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds) Identity and Privacy in the Internet Age. NordSec 2009. Lecture Notes in Computer Science, vol 5838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04766-4_20

  • DOI: https://doi.org/10.1007/978-3-642-04766-4_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04765-7

  • Online ISBN: 978-3-642-04766-4

  • eBook Packages: Computer Science (R0)
