Skip to main content
SpringerLink
Log in

CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement

  • Conference paper
Information Systems Security (ICISS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8880))

Included in the following conference series:

Abstract

CliSeAu is a novel tool for hardening distributed Java programs. CliSeAu takes as input a specification of the desired properties and a Java bytecode target program, i.e. the format in which Java programs are usually provided. CliSeAu returns hardened Java bytecode that provides the same functionality as the original code, unless this code endangers the desired properties. By monitoring the components of a distributed system in a decentralized and coordinated fashion, our tool CliSeAu is able to enforce a wide range of properties, both effectively and efficiently. In this article, we present the architecture of CliSeAu, explain how the components of a distributed target program are instrumented by CliSeAu, and illustrate at an example application how CliSeAu can be used for securing distributed programs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Schneider, F.B.: Enforceable Security Policies. Transactions on Information and System Security 3(1), 30–50 (2000)

    Article  Google Scholar 

  2. Fong, P.W.L.: Access Control By Tracking Shallow Execution History. In: IEEE Symposium on Security and Privacy, pp. 43–55. IEEE Computer Society (2004)

    Google Scholar 

  3. Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. IJIS 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  4. Erlingsson, U., Schneider, F.B.: SASI Enforcement of Security Policies: A Retrospective. In: Proceedings of the 2nd NSPW, pp. 87–95. ACM (2000)

    Google Scholar 

  5. Bauer, L., Ligatti, J., Walker, D.: Composing Expressive Runtime Security Policies. Transactions on Software Engineering and Methodology 18(3) (2009)

    Google Scholar 

  6. Gay, R., Mantel, H., Sprick, B.: Service automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  7. Brewer, D.F., Nash, M.J.: The Chinese Wall Security Policy. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 206–214 (1989)

    Google Scholar 

  8. Mazaheri, S.: Race conditions in distributed enforcement at the example of online social networks. Bachelor thesis, TU Darmstadt (2012)

    Google Scholar 

  9. Scheurer, D.: Enforcing Datalog Policies with Service Automata on Distributed Version Control Systems. Bachelor thesis, TU Darmstadt (2013)

    Google Scholar 

  10. Wendel, F.: An evaluation of delegation strategies for coordinated enforcement. Bachelor thesis, TU Darmstadt (2012)

    Google Scholar 

  11. Lamport, L.: Proving the Correctness of Multiprocess Programs. IEEE Transactions on Software Engineering 3(2), 125–143 (1977)

    Article  MATH  MathSciNet  Google Scholar 

  12. Alpern, B., Schneider, F.B.: Defining Liveness. Information Processing Letters 21, 181–185 (1985)

    Article  MATH  MathSciNet  Google Scholar 

  13. Clarkson, M.R., Schneider, F.B.: Hyperproperties. Journal of Computer Security 18(6), 1157–1210 (2010)

    Google Scholar 

  14. McLean, J.D.: Security Models. In: Marciniak, J. (ed.) Encyclopedia of Software Engineering. John Wiley & Sons, Inc. (1994)

    Google Scholar 

  15. Booch, G., Maksimchuk, R.A., Engle, M.W., Young, B.J., Connallen, J., Houston, K.A.: Object-oriented Analysis and Design with Applications, 3rd edn. (2007)

    Google Scholar 

  16. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Longman Publishing Co., Inc., Boston (1995)

    Google Scholar 

  17. Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An Overview of AspectJ. In: Lindskov Knudsen, J. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 327–353. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. DRS (1999), http://www.octagonsoftware.com/home/mark/DRS/

  19. AnomicFTPD v0.94 (2009), http://anomic.de/AnomicFTPServer/

  20. simple-ftpd (2010), https://github.com/rath/simple-ftpd

  21. PUBLIC LAW 107 - 204 - SARBANES-OXLEY ACT OF 2002

    Google Scholar 

  22. Chen, F., Roşu, G.: MOP: An Efficient and Generic Runtime Verification Framework. In: Proceedings of the 22nd OOPSLA, pp. 569–588. ACM (2007)

    Google Scholar 

  23. Minsky, N.H., Ungureanu, V.: Law-governed Interaction: a Coordination and Control Mechanism for Heterogeneous Distributed Systems. ACM Transactions on Software Engineering Methodology 9(3), 273–305 (2000)

    Article  Google Scholar 

  24. Sen, K., Vardhan, A., Agha, G., Roşu, G.: Efficient Decentralized Monitoring of Safety in Distributed Systems. In: Proceedings of the 26th ICSE, pp. 418–427 (2004)

    Google Scholar 

  25. Ongtang, M., Butler, K.R., McDaniel, P.D.: Porscha: Policy Oriented Secure Content Handling in Android. In: ACSAC, pp. 221–230 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, TU Darmstadt, Germany

    Richard Gay, Jinwei Hu & Heiko Mantel

Authors
  1. Richard Gay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jinwei Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Heiko Mantel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of EECS, University of Michigan, 48109-2121, Ann Arbor, MI, USA

    Atul Prakash

  2. Faculty of Technology and Computer Science, Tata Institute of Fundamental Research, Homi Bhabha Road, 400005, Mumbai, India

    Rudrapatna Shyamasundar

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Gay, R., Hu, J., Mantel, H. (2014). CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-13841-1_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13840-4

  • Online ISBN: 978-3-319-13841-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation