论文信息 - The S3MS.NET Run Time Monitor: Tool Demonstration

The S3MS.NET Run Time Monitor: Tool Demonstration

This paper describes the S3MS.NET run time monitor, a tool that can enforce security policies expressed in a variety of policy languages for .NET desktop or mobile applications. The tool consists of two major parts: a bytecode inliner that rewrites .NET assemblies to insert calls to a policy decision point, and a policy compiler that compiles source policies to executable policy decision points. The tool supports both singlethreaded and multithreaded applications, and is sufficiently mature to be used on real-world applications. This paper describes the overall functionality and architecture of the tool, discusses its strengths and weaknesses, and reports on our experience with using the tool on case studies as well as in teaching.

[1] Úlfar Erlingsson,et al. The Inlined Reference Monitor Approach to Security Policy Enforcement , 2004 .

[2] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[3] Katsiaryna Naliuka,et al. ConSpec - A Formal Language for Policy Specification , 2008, Electron. Notes Theor. Comput. Sci..

[4] Frank Piessens,et al. Security enforcement aware software development , 2009, Inf. Softw. Technol..

[5] Wouter Joosen,et al. A flexible security architecture to support third-party applications on mobile devices , 2007, CSAW '07.

[6] Vipin Chaudhary,et al. History-based access control for mobile code , 1998, CCS '98.

[7] Alexander K. Petrenko,et al. Electronic Notes in Theoretical Computer Science , 2009 .

[8] Wouter Joosen,et al. Security-by-contract on the .NET platform , 2008, Inf. Secur. Tech. Rep..

[9] Alan Bundy,et al. Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[10] 李幼升,et al. Ph , 1989 .

[11] Frank Piessens,et al. A Caller-Side Inline Reference Monitor for an Object-Oriented Intermediate Language , 2008, FMOODS.

[12] Fabio Massacci,et al. Multi-session Security Monitoring for Mobile Code , 2006 .