Abstract
CliSeAu is a novel tool for hardening distributed Java programs. CliSeAu takes as input a specification of the desired properties and a Java bytecode target program, i.e. the format in which Java programs are usually provided. CliSeAu returns hardened Java bytecode that provides the same functionality as the original code, unless this code endangers the desired properties. By monitoring the components of a distributed system in a decentralized and coordinated fashion, our tool CliSeAu is able to enforce a wide range of properties, both effectively and efficiently. In this article, we present the architecture of CliSeAu, explain how the components of a distributed target program are instrumented by CliSeAu, and illustrate at an example application how CliSeAu can be used for securing distributed programs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Schneider, F.B.: Enforceable Security Policies. Transactions on Information and System Security 3(1), 30–50 (2000)
Fong, P.W.L.: Access Control By Tracking Shallow Execution History. In: IEEE Symposium on Security and Privacy, pp. 43–55. IEEE Computer Society (2004)
Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. IJIS 4(1-2), 2–16 (2005)
Erlingsson, U., Schneider, F.B.: SASI Enforcement of Security Policies: A Retrospective. In: Proceedings of the 2nd NSPW, pp. 87–95. ACM (2000)
Bauer, L., Ligatti, J., Walker, D.: Composing Expressive Runtime Security Policies. Transactions on Software Engineering and Methodology 18(3) (2009)
Gay, R., Mantel, H., Sprick, B.: Service automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)
Brewer, D.F., Nash, M.J.: The Chinese Wall Security Policy. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 206–214 (1989)
Mazaheri, S.: Race conditions in distributed enforcement at the example of online social networks. Bachelor thesis, TU Darmstadt (2012)
Scheurer, D.: Enforcing Datalog Policies with Service Automata on Distributed Version Control Systems. Bachelor thesis, TU Darmstadt (2013)
Wendel, F.: An evaluation of delegation strategies for coordinated enforcement. Bachelor thesis, TU Darmstadt (2012)
Lamport, L.: Proving the Correctness of Multiprocess Programs. IEEE Transactions on Software Engineering 3(2), 125–143 (1977)
Alpern, B., Schneider, F.B.: Defining Liveness. Information Processing Letters 21, 181–185 (1985)
Clarkson, M.R., Schneider, F.B.: Hyperproperties. Journal of Computer Security 18(6), 1157–1210 (2010)
McLean, J.D.: Security Models. In: Marciniak, J. (ed.) Encyclopedia of Software Engineering. John Wiley & Sons, Inc. (1994)
Booch, G., Maksimchuk, R.A., Engle, M.W., Young, B.J., Connallen, J., Houston, K.A.: Object-oriented Analysis and Design with Applications, 3rd edn. (2007)
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Longman Publishing Co., Inc., Boston (1995)
Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An Overview of AspectJ. In: Lindskov Knudsen, J. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 327–353. Springer, Heidelberg (2001)
DRS (1999), http://www.octagonsoftware.com/home/mark/DRS/
AnomicFTPD v0.94 (2009), http://anomic.de/AnomicFTPServer/
simple-ftpd (2010), https://github.com/rath/simple-ftpd
PUBLIC LAW 107 - 204 - SARBANES-OXLEY ACT OF 2002
Chen, F., Roşu, G.: MOP: An Efficient and Generic Runtime Verification Framework. In: Proceedings of the 22nd OOPSLA, pp. 569–588. ACM (2007)
Minsky, N.H., Ungureanu, V.: Law-governed Interaction: a Coordination and Control Mechanism for Heterogeneous Distributed Systems. ACM Transactions on Software Engineering Methodology 9(3), 273–305 (2000)
Sen, K., Vardhan, A., Agha, G., Roşu, G.: Efficient Decentralized Monitoring of Safety in Distributed Systems. In: Proceedings of the 26th ICSE, pp. 418–427 (2004)
Ongtang, M., Butler, K.R., McDaniel, P.D.: Porscha: Policy Oriented Secure Content Handling in Android. In: ACSAC, pp. 221–230 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Gay, R., Hu, J., Mantel, H. (2014). CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-13841-1_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13840-4
Online ISBN: 978-3-319-13841-1
eBook Packages: Computer ScienceComputer Science (R0)