
Model-Checking In-Lined Reference Monitors

Conference paper in: Verification, Model Checking, and Abstract Interpretation (VMCAI 2010)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5944)

Abstract

A technique for elegantly expressing In-lined Reference Monitor (IRM) certification as model-checking is presented and implemented. In-lined Reference Monitors (IRMs) enforce software security policies by in-lining dynamic security guards into untrusted binary code. Certifying IRM systems provide strong formal guarantees for such systems by verifying that the instrumented code produced by the IRM system satisfies the original policy. Expressing this certification step as model-checking allows well-established model-checking technologies to be applied to this often difficult certification task. The technique is demonstrated through the enforcement and certification of a URL anti-redirection policy for ActionScript web applets.
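The pipeline the abstract describes, reduced to a constructed Python model (added here; it is not the paper's implementation): a rewriter in-lines a guard before every navigation instruction, and a certifier model-checks the rewritten program against a URL anti-redirection policy by exhaustively exploring abstract states and rejecting the program if the policy automaton's violation state is reachable. The toy instruction set, the two-state policy automaton, the abstract URL classes "ok"/"any" and the sample applet are all invented for this example.

```python
# Constructed toy IRM rewriter and model-checking certifier; invented here, not the paper's system.
def policy_step(state, url_class):
    """Anti-redirection safety automaton: nav to a URL not proven allowed ("ok") is absorbing "bad"."""
    return "bad" if state == "bad" or url_class != "ok" else "ok"

# Program = control-flow graph: label -> (op, operand, successors). nav(var) navigates to the
# URL in var; branch forks; guard(var) is the in-lined dynamic check (successors: passed, halt).
# Variables carry abstract URL classes: "ok" (statically known allowed) or "any" (untrusted).

def rewrite(prog, start):
    """IRM rewriter: place a guard before every nav and redirect edges to the nav onto the guard."""
    navs = {l for l, (op, _, _) in prog.items() if op == "nav"}
    redirect = lambda l: "g_" + l if l in navs else l
    out = {}
    for lbl, (op, arg, succ) in prog.items():
        out[lbl] = (op, arg, [redirect(s) for s in succ])
        if op == "nav":
            out["g_" + lbl] = ("guard", arg, [lbl, "halt"])
    return out, redirect(start)

def certify(prog, start, env0):
    """Certifier: explore all abstract states (label, monitor state, variable classes); certified iff "bad" is unreachable."""
    seen, work = set(), [(start, "ok", tuple(sorted(env0.items())))]
    while work:
        lbl, pol, env = st = work.pop()
        if st in seen:
            continue
        seen.add(st)
        if pol == "bad":
            return False  # counterexample: a policy violation is reachable
        if lbl == "halt":
            continue
        op, arg, succ = prog[lbl]
        env = dict(env)
        if op == "nav":
            nexts = [(s, policy_step(pol, env[arg]), env) for s in succ]
        elif op == "guard":
            # pass edge refines the operand to "ok"; fail edge is the IRM halting the applet
            nexts = [(succ[0], pol, {**env, arg: "ok"}), (succ[1], pol, env)]
        else:
            nexts = [(s, pol, env) for s in succ]
        work.extend((l, p, tuple(sorted(e.items()))) for l, p, e in nexts)
    return True

# Constructed untrusted applet: one path navigates to attacker-supplied u, the other to home.
APPLET = {
    "entry": ("branch", None, ["nav_user", "nav_home"]),
    "nav_user": ("nav", "u", ["halt"]),
    "nav_home": ("nav", "home", ["halt"]),
}
ENV0 = {"u": "any", "home": "ok"}
```

The unguarded applet fails certification because the nav on the untrusted path drives the automaton to "bad", while the rewritten applet passes because every nav is dominated by a guard whose pass edge proves its operand allowed.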

This research was supported by AFOSR YIP award number FA9550-08-1-0044.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sridhar, M., Hamlen, K.W. (2010). Model-Checking In-Lined Reference Monitors. In: Barthe, G., Hermenegildo, M. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2010. Lecture Notes in Computer Science, vol 5944. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11319-2_23


  • DOI: https://doi.org/10.1007/978-3-642-11319-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11318-5

  • Online ISBN: 978-3-642-11319-2

  • eBook Packages: Computer Science (R0)