Abstract
Runtime enforcement is a powerful technique to ensure that a program will respect a given set of properties. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general Safety-Progress classification of properties. Furthermore, we propose a systematic technique to produce a monitor from the automaton recognizing a given safety, guarantee, obligation or response property. Finally, we show that this notion of enforcement monitors is more amenable to implementation and encompasses previous runtime enforcement mechanisms.
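As an added illustration, not the paper's own code or formalism, the following Python sketch shows the kind of enforcement monitor the abstract describes: a finite set of control states, a memory that buffers events, and a small set of enforcement operations, synthesized here by hand for one property. The operation names (halt/store/dump), the transaction property and the traces are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
# Enforcement operations (names assumed here; the paper's exact set is not on this page)
HALT, STORE, DUMP = "halt", "store", "dump"

@dataclass
class EnforcementMonitor:
    """Finite control states, a memory (event buffer) and a transition table
    mapping (state, event) -> (next_state, enforcement operation)."""
    start: str
    transitions: Dict[Tuple[str, str], Tuple[str, str]]
    default: Dict[str, Tuple[str, str]]  # per-state fallback for unlisted events
    memory: List[str] = field(default_factory=list)
    output: List[str] = field(default_factory=list)
    halted: bool = False
    def __post_init__(self) -> None:
        self.state = self.start

    def feed(self, event: str) -> List[str]:
        """Consume one input event; return the events released to the output."""
        if self.halted:
            return []
        self.state, op = self.transitions.get((self.state, event), self.default[self.state])
        if op == STORE:  # withhold: the current prefix does not yet satisfy the property
            self.memory.append(event)
            return []
        if op == DUMP:  # release memory + event: the output prefix now satisfies it
            released = self.memory + [event]
            self.memory = []
            self.output.extend(released)
            return released
        self.halted = True  # HALT: safety violation; drop the memory, emit nothing more
        self.memory = []
        return []

    def run(self, trace: List[str]) -> List[str]:
        for event in trace:
            self.feed(event)
        return list(self.output)

def make_txn_monitor() -> EnforcementMonitor:
    """Constructed property: every 'begin' must eventually be followed by 'end' (stored
    until then); 'write' outside a transaction or a nested 'begin' is forbidden (halt)."""
    return EnforcementMonitor(
        start="idle",
        transitions={("idle", "begin"): ("txn", STORE), ("idle", "write"): ("idle", HALT),
                     ("txn", "end"): ("idle", DUMP), ("txn", "begin"): ("txn", HALT)},
        default={"idle": ("idle", DUMP), "txn": ("txn", STORE)},
    )
```

Every prefix the monitor releases satisfies the property, and a transaction that never reaches `end` stays in memory rather than being emitted.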
Falcone, Y., Mounier, L., Fernandez, JC. et al. Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Form Methods Syst Des 38, 223–262 (2011). https://doi.org/10.1007/s10703-011-0114-4
DOI: https://doi.org/10.1007/s10703-011-0114-4