On the Automated Synthesis of Proof-Carrying Temporal Reference Monitors

We extend the range of security policies that can be guaranteed with proof-carrying code from the classical type safety, control safety, memory safety, and space/time guarantees to more general security policies, such as general resource and access control. We do so by means of (1) a specification logic for security policies, which is the past-time fragment of LTL, and (2) a synthesis algorithm generating reference monitor code and accompanying proof objects from formulae of the specification logic. To evaluate the feasibility of our approach, we developed a prototype implementation producing proofs in Isabelle/HOL.
