Certified In-lined Reference Monitoring on .NET

MOBILE is an extension of the .NET Common Intermediate Language that supports certified In-Lined Reference Monitoring. Mobile programs have the useful property that if they are well-typed with respect to a declared security policy, then they are guaranteed not to violate that security policy when executed. Thus, when an In-Lined Reference Monitor (IRM) is expressed in Mobile, it can be certified by a simple type-checker to eliminate the need to trust the producer of the IRM. Security policies in Mobile are declarative, can involve unbounded collections of objects allocated at runtime, and can regard infinite-length histories of security events exhibited by those objects. The prototype Mobile implementation enforces properties expressed by finite-state security automata (one automaton for each security-relevant object) and can type-check Mobile programs in the presence of exceptions, finalizers, concurrency, and non-termination. Executing Mobile programs requires no change to existing .NET virtual machine implementations, since Mobile programs consist of normal managed CIL code with extra typing annotations stored in .NET attributes.
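As an added illustration (not code from the Mobile paper or its prototype), the following C# sketches the runtime half of the technique the abstract describes: a finite-state security automaton attached to each security-relevant object, with the policy check in-lined before every security-relevant operation. The `MonitoredFile` class and its "open, read any number of times, close, then nothing" policy are hypothetical; the typing annotations that would let Mobile's checker certify such a monitor are not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Security;

// Finite-state security automaton. A (state, event) pair missing from the
// transition table means the event is forbidden in that state, so the
// monitor halts the operation by throwing before the real call happens.
sealed class SecurityAutomaton
{
    private readonly Dictionary<(int, string), int> _delta;
    public int State { get; private set; }

    public SecurityAutomaton(int start, Dictionary<(int, string), int> delta)
    {
        State = start;
        _delta = delta;
    }

    public void Advance(string evt)
    {
        if (!_delta.TryGetValue((State, evt), out int next))
            throw new SecurityException($"policy violation: '{evt}' in state {State}");
        State = next;
    }
}

// Hypothetical security-relevant object. Every instance owns its own
// automaton, mirroring the abstract's one-automaton-per-object policies.
sealed class MonitoredFile
{
    private static readonly Dictionary<(int, string), int> Policy = new()
    {
        [(0, "open")]  = 1,   // may open only once, from the initial state
        [(1, "read")]  = 1,   // any number of reads while open
        [(1, "close")] = 2,   // close once; state 2 accepts nothing further
    };
    private readonly SecurityAutomaton _monitor = new(0, Policy);

    // In-lined checks: the automaton advances before the operation runs.
    public void Open()  { _monitor.Advance("open");  /* real open here */ }
    public int  Read()  { _monitor.Advance("read");  return 0; /* real read */ }
    public void Close() { _monitor.Advance("close"); /* real close here */ }
}

static class Demo
{
    static void Main()
    {
        var f = new MonitoredFile();
        f.Open(); f.Read(); f.Close();          // accepted trace
        try { f.Read(); }                       // read-after-close: rejected
        catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```

Because each `MonitoredFile` carries its own automaton, a trace that closes one file and keeps reading another is still accepted, which is the per-object history the abstract refers to.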
