Supporting Security Monitor-Aware Development

With the emergence of support for third-party applications on mobile devices such as cell phones and PDA's, support for setting application security policies is also built into these devices. While this can significantly increase security for end-users, it also significantly complicates the task of building useful and reliable applications for these devices. Different devices will set different policies, and violations of the policy will lead to security exceptions or even immediate abortion of the application potentially leaving it in an inconsistent state. This paper addresses this issue in the context of application security policies specified by means of security automata, and enforced by means of run-time monitoring. We propose a language element, the check block, that developers can use to make their applications more security monitor-aware. At run-time, a check block will query the security policy enforced by the monitor to make sure that the body of the block will not lead to policy-violations. At compile time, a static check ensures that the generated runtime check is adequate. We present a formalization of the static and dynamic semantics of the check block, and we outline how it can be implemented on top of C# or Java.

[1]  Frank Piessens,et al.  Static Verification of Code Access Security Policy Compliance of .NET Applications , 2006, J. Object Technol..

[2]  Kevin W. Hamlen,et al.  Certified In-lined Reference Monitoring on .NET , 2006, PLAS '06.

[3]  Daniel C. DuVarney,et al.  Model-carrying code: a practical approach for safe execution of untrusted applications , 2003, SOSP '03.

[4]  Lujo Bauer,et al.  Composing security policies with polymer , 2005, PLDI '05.

[5]  Úlfar Erlingsson,et al.  IRM enforcement of Java stack inspection , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[6]  Sophia Drossopoulou,et al.  Session Types for Object-Oriented Languages , 2006, ECOOP.

[7]  George C. Necula,et al.  Enforcing Resource Bounds via Static Verification of Dynamic Checks , 2005, ESOP.

[8]  Acm Sigsoft,et al.  Proceedings of the third International Workshop on Software Engineering for Secure Systems , 2007 .

[9]  David E. Evans,et al.  Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[10]  Fred B. Schneider,et al.  Enforceable security policies , 2000, TSEC.

[11]  David Walker,et al.  A type system for expressive security policies , 2000, POPL '00.

[12]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[13]  Yoonsik Cheon,et al.  Specifying and Checking Method Call Sequences in JML , 2005, Software Engineering Research and Practice.