Runtime enforcement monitors: composition, synthesis, and enforcement abilities

Formal Methods in System Design

Abstract

Runtime enforcement is a powerful technique to ensure that a program will respect a given set of properties. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general Safety-Progress classification of properties. Furthermore, we propose a systematic technique to produce a monitor from the automaton recognizing a given safety, guarantee, obligation or response property. Finally, we show that this notion of enforcement monitors is more amenable to implementation and encompasses previous runtime enforcement mechanisms.
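To make the abstract's "memory device plus finite control states and enforcement operations" concrete, here is an added example (not code from the paper or its authors) of a generic enforcement monitor driven by a transition table whose edges carry an operation. The operation names halt/store/dump and the two property encodings (a response property and a safety property over a constructed open/read/close alphabet) are assumptions made here for illustration.

```python
from collections import deque

HALT, STORE, DUMP = "halt", "store", "dump"   # assumed operation set

class EnforcementMonitor:
    """Finite control states, a FIFO memory device, and a transition
    table mapping (state, event) -> (next_state, enforcement_operation)."""
    def __init__(self, init, delta):
        self.state, self.delta = init, delta
        self.memory = deque()      # events withheld until the property holds
        self.halted = False

    def feed(self, event):
        """Consume one input event; return the events released downstream."""
        if self.halted:
            return []
        self.state, op = self.delta[(self.state, event)]
        if op == HALT:             # irrecoverable violation: drop and stop
            self.halted = True
            return []
        self.memory.append(event)
        if op == STORE:            # property not (yet) satisfied: withhold
            return []
        out = list(self.memory)    # DUMP: release everything memorised
        self.memory.clear()
        return out

    def enforce(self, trace):
        return [e for ev in trace for e in self.feed(ev)]

# Response property (constructed): every "open" is eventually followed by a
# "close". q0 = nothing pending, q1 = an open is pending. Events are stored
# while pending and dumped once the property holds again, so the output is
# always the longest prefix of the input that satisfies the property.
RESPONSE = {
    ("q0", "open"): ("q1", STORE), ("q0", "read"): ("q0", DUMP), ("q0", "close"): ("q0", DUMP),
    ("q1", "open"): ("q1", STORE), ("q1", "read"): ("q1", STORE), ("q1", "close"): ("q0", DUMP),
}

# Safety property (constructed): no "read" after a "close". A violation can
# never be repaired by later events, so the monitor halts.
SAFETY = {
    ("s0", "open"): ("s0", DUMP), ("s0", "read"): ("s0", DUMP), ("s0", "close"): ("s1", DUMP),
    ("s1", "open"): ("s1", DUMP), ("s1", "close"): ("s1", DUMP), ("s1", "read"): ("bad", HALT),
}

def enforce_response(trace):
    return EnforcementMonitor("q0", RESPONSE).enforce(trace)

def enforce_safety(trace):
    return EnforcementMonitor("s0", SAFETY).enforce(trace)
```

Feeding `["open", "read", "read", "close", "open", "read"]` to the response monitor releases only the first four events; the trailing unmatched `open` and `read` stay in memory.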




Correspondence to Yliès Falcone.


Cite this article

Falcone, Y., Mounier, L., Fernandez, JC. et al. Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Form Methods Syst Des 38, 223–262 (2011). https://doi.org/10.1007/s10703-011-0114-4
