Generating In-Line Monitors for Rabin Automata

A promising solution to the problem of securing potentially malicious mobile code lies in the use of program monitors. Such monitors can be in-lined into an untrusted program to produce instrumented code that provably satisfies the security policy. It is well known that enforcement mechanisms based on Schneider's security automata enforce only safety properties [1]. Yet subsequent studies show that a wider range of properties than those implemented so far could be enforced using monitors. In this paper, we present an approach that produces a model of an instrumented program from a security requirement represented by a Rabin automaton and a model of the program. Using a priori knowledge of the program's behavior, this approach makes it possible, in some cases, to enforce more than safety properties. We provide a theorem stating that a truncation enforcement mechanism that considers only the set of possible executions of a specific program is strictly more powerful than one that considers all executions over an alphabet of actions.
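The abstract's central point, as an added illustration that is not the paper's own construction: a truncation monitor that knows the program's model can stop a non-safety property from being violated, while the same monitor over all executions cannot. The example builds the synchronous product of a deterministic Rabin automaton with a finite model of the program, marks the product states from which no Rabin-accepting infinite run of the program remains (an SCC-based analysis assumed here; the paper's algorithm is not reproduced on this page), and truncates before the program would enter such a state. The property "log happens infinitely often", the action names, both program models, and the assumption that every model state has an outgoing transition are all constructed for this example.

```python
"""Added illustration (not from the paper): truncation monitor derived from a
Rabin automaton and a finite program model, versus the same monitor over all
executions of the alphabet."""
from collections import defaultdict


class Rabin:
    """Deterministic Rabin automaton: delta is total over the alphabet, and a
    run is accepted iff for some pair (E, F) it visits E finitely often and F
    infinitely often."""
    def __init__(self, init, delta, pairs):
        self.init, self.delta, self.pairs = init, delta, pairs


class LTS:
    """Finite program model: {(state, action): next_state}. Assumed here to
    have no terminal states, so every execution is infinite."""
    def __init__(self, init, trans):
        self.init, self.trans = init, trans


def synchronous_product(prog, spec):
    """Reachable (program state, spec state) pairs and their labelled edges."""
    outgoing = defaultdict(list)
    for (p, a), p2 in prog.trans.items():
        outgoing[p].append((a, p2))
    init = (prog.init, spec.init)
    seen, edges, stack = {init}, {}, [init]
    while stack:
        p, q = stack.pop()
        for a, p2 in outgoing[p]:
            t = (p2, spec.delta[(q, a)])
            edges[((p, q), a)] = t
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return init, seen, edges


def tarjan_sccs(succ):
    """Tarjan's strongly connected components over a {node: set(node)} graph."""
    index, low, on_stack, stack, comps, counter = {}, {}, set(), [], [], [0]

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            comps.append(comp)

    for v in succ:
        if v not in index:
            visit(v)
    return comps


def live_states(states, edges, spec):
    """Product states from which some Rabin-accepting infinite run still exists:
    those that can reach a cycle avoiding E and touching F for some pair (E, F)."""
    succ = {s: set() for s in states}
    pred = defaultdict(set)
    for (s, _), t in edges.items():
        succ[s].add(t)
        pred[t].add(s)
    good = set()
    for E, F in spec.pairs:
        allowed = {s for s in states if s[1] not in E}
        sub = {s: {t for t in succ[s] if t in allowed} for s in allowed}
        for comp in tarjan_sccs(sub):
            has_cycle = len(comp) > 1 or any(s in sub[s] for s in comp)
            if has_cycle and any(s[1] in F for s in comp):
                good |= comp
    live, work = set(good), list(good)      # backward reachability to a good SCC
    while work:
        for s in pred[work.pop()]:
            if s not in live:
                live.add(s)
                work.append(s)
    return live


def truncation_monitor(prog, spec):
    """Return (monitor, doomed): monitor(trace) yields the prefix the in-lined
    monitor lets through; it halts before an action that leaves the program
    model or enters a state with no accepting continuation."""
    init, states, edges = synchronous_product(prog, spec)
    live = live_states(states, edges, spec)

    def monitor(trace):
        cur, out = init, []
        for a in trace:
            nxt = edges.get((cur, a))
            if nxt is None or nxt not in live:
                break
            out.append(a)
            cur = nxt
        return out
    return monitor, states - live


# Constructed example. Property: "log occurs infinitely often" (q1 = just logged).
ACTIONS = ("log", "skip", "idle")
SPEC = Rabin("q0", {(q, a): ("q1" if a == "log" else "q0")
                    for q in ("q0", "q1") for a in ACTIONS},
             pairs=[(set(), {"q1"})])
# Program model: loops logging, but 'skip' moves it into an idle loop that never logs again.
PROG = LTS("p0", {("p0", "log"): "p0", ("p0", "skip"): "p1", ("p1", "idle"): "p1"})
# "All executions" model: a single state that allows every action forever.
ANY = LTS("u", {("u", a): "u" for a in ACTIONS})


def doomed_states(prog):
    return truncation_monitor(prog, SPEC)[1]


def enforce_with_model(trace):
    return truncation_monitor(PROG, SPEC)[0](trace)


def enforce_without_model(trace):
    return truncation_monitor(ANY, SPEC)[0](trace)


if __name__ == "__main__":
    print(doomed_states(PROG), enforce_with_model(["log", "log", "skip", "idle"]))
    print(doomed_states(ANY), enforce_without_model(["log", "skip", "idle", "idle"]))
```

Over the unrestricted model every prefix can still be extended to an accepting execution, so no product state is doomed and the monitor never truncates: it cannot rule out `skip` followed by `idle` forever. With the program model, the state reached by `skip` has no accepting continuation, so the monitor halts the program before `skip`; that is the sense in which knowledge of the program's executions lets truncation enforce a property that is not a safety property over the whole alphabet.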

[1] Kevin W. Hamlen et al. Computability classes for enforcement mechanisms. TOPL, 2006.

[2] Martin Leucker et al. Monitoring of Real-Time Properties. 2006.

[3] Úlfar Erlingsson et al. SASI enforcement of security policies: a retrospective. Proceedings DARPA Information Survivability Conference and Exposition (DISCEX'00), 1999.

[4] Nadia Tawbi et al. Execution monitoring enforcement under memory-limitation constraints. Inf. Comput., 2008.

[5] W. M. Wonham et al. The control of discrete event systems. 1989.

[6] Mahesh Viswanathan et al. Steering of real-time systems based on monitoring and checking. Proceedings, Fifth International Workshop on Object-Oriented Real-Time Dependable Systems, 1999.

[7] Alfred V. Aho et al. Compilers: Principles, Techniques, and Tools. Addison-Wesley series in computer science / World student series edition, 1986.

[8] Thomas Colcombet et al. Enforcing trace properties by program transformation. POPL '00, 2000.

[9] W. M. Wonham et al. The control of discrete event systems. Proc. IEEE, 1989.

[10] Thomas A. Henzinger et al. The software model checker Blast. International Journal on Software Tools for Technology Transfer, 2007.

[11] Mahesh Viswanathan et al. Runtime Assurance Based On Formal Specifications. PDPTA, 1999.

[12] Insup Lee et al. Information extraction for run-time formal analysis. 2001.

[13] Martin Leucker et al. Monitoring of Real-Time Properties. FSTTCS, 2006.

[14] Robert E. Tarjan et al. Depth-First Search and Linear Graph Algorithms. SIAM J. Comput., 1972.

[15] Thomas A. Henzinger et al. The software model checker Blast: Applications to software engineering. 2007.

[16] Úlfar Erlingsson et al. SASI enforcement of security policies: a retrospective. NSPW '99, 1999.

[17] Mahesh Viswanathan et al. Java-MaC: A Run-Time Assurance Approach for Java Programs. Formal Methods Syst. Des., 2004.

[18] Fred B. Schneider et al. Enforceable security policies. TSEC, 2000.

[19] Naveen Garg et al. FSTTCS 2006: Foundations of Software Technology and Theoretical Computer Science, 26th International Conference, Kolkata, India, December 13-15, 2006, Proceedings. FSTTCS, 2006.

[20] Lujo Bauer et al. Enforcing Non-safety Security Policies with Program Monitors. ESORICS, 2005.

[21] Lujo Bauer et al. Edit automata: enforcement mechanisms for run-time security policies. International Journal of Information Security, 2005.

[22] Philip W. L. Fong. Access control by tracking shallow execution history. IEEE Symposium on Security and Privacy, 2004.

[23] Jarred Adam Ligatti et al. More Enforceable Security Policies. 2002.

[24] Fred B. Schneider et al. Enforceable security policies. Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], 2000.

[25] Dieter Gollmann et al. Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings. ESORICS, 2005.

[26] Úlfar Erlingsson et al. The Inlined Reference Monitor Approach to Security Policy Enforcement. 2004.