Provably Correct Runtime Monitoring

(Extended Abstract)

  • Conference paper
FM 2008: Formal Methods (FM 2008)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5014)

Abstract

Runtime monitoring is an established technique for enforcing a wide range of program safety and security properties. We present a formalization of monitoring and monitor inlining for the Java Virtual Machine. Monitors are security automata given in a special-purpose monitor specification language, ConSpec. The automata operate on finite or infinite strings of calls to a fixed API, allowing local dependencies on parameter values and heap content. We use a two-level class file annotation scheme to characterize two key properties: (i) that the program is correct with respect to the monitor as a constraint on allowed program behavior, and (ii) that the program has an instance of the given monitor embedded into it, which yields state changes at prescribed points according to the monitor’s transition function. As our main application of these results, we describe a concrete inliner and use the annotation scheme to characterize its correctness. For this inliner, correctness of the level II annotations can be decided efficiently by a weakest precondition annotation checker, thus allowing on-device checking of inlining correctness in a proof-carrying code setting.
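The two properties the abstract names, as an added example that is not from the paper or its inliner tool: a constructed Python policy in the spirit of a ConSpec security automaton (not ConSpec syntax) over a string of API calls with a parameter-value dependency, a reference monitor that runs it (property (i)), an inlined copy whose state advances at every call site (property (ii)), and a test-based check that the inlined state changes agree with the automaton. The API names, the policy and the traces are constructed.

```python
from typing import Optional
# Constructed policy in the spirit of a ConSpec security automaton (not ConSpec
# syntax): reading a path under /private/ taints the program, and a tainted
# program may not call send(). Returns the next state, or None if not allowed.
def policy(state: str, call: str, args: tuple) -> Optional[str]:
    if call == "read_file":           # local dependency on a parameter value
        return "tainted" if args[0].startswith("/private/") else state
    if call == "send":
        return state if state == "clean" else None
    return state                      # calls the policy does not mention

# Property (i): the reference monitor run over a finite string of API calls.
# Returns the state sequence and the index of the first violating call, if any.
def run_monitor(trace):
    state, states = "clean", ["clean"]
    for i, (call, args) in enumerate(trace):
        nxt = policy(state, call, args)
        if nxt is None:
            return states, i
        state = nxt
        states.append(state)
    return states, None

# Property (ii): a monitor instance embedded in the program. Each API call site
# first advances the embedded state; a violating call is stopped, not executed.
class InlinedProgram:
    def __init__(self):
        self.state, self.states, self.observed = "clean", ["clean"], []
    def api(self, call, *args) -> bool:
        nxt = policy(self.state, call, args)
        if nxt is None:
            return False              # blocked: the real API call never happens
        self.state = nxt
        self.states.append(nxt)
        self.observed.append((call, args))
        return True

def run_program(steps):
    """Run a constructed program (list of (call, args)) through the inlined monitor."""
    prog = InlinedProgram()
    for call, args in steps:
        if not prog.api(call, *args):
            return prog, True         # stopped early at the violating call
    return prog, False

def embedded_monitor_agrees(prog: InlinedProgram) -> bool:
    """Test-based stand-in for the level II check: inlined states == automaton states."""
    states, violation = run_monitor(prog.observed)
    return violation is None and states == prog.states
```

The paper decides the level II property by a weakest-precondition annotation checker over the bytecode; here it is only observed by running both the monitor and the inlined program on the same call string.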

This work was partially funded by the S3MS project, IST-STREP-27004. The second author was partially supported by the Swedish Research Council grant 2003-6108.

Editor information

Jorge Cuellar, Tom Maibaum, Kaisa Sere

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this paper

Aktug, I., Dam, M., Gurov, D. (2008). Provably Correct Runtime Monitoring. In: Cuellar, J., Maibaum, T., Sere, K. (eds) FM 2008: Formal Methods. FM 2008. Lecture Notes in Computer Science, vol 5014. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68237-0_19

  • DOI: https://doi.org/10.1007/978-3-540-68237-0_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68235-6

  • Online ISBN: 978-3-540-68237-0

  • eBook Packages: Computer Science (R0)
