Model-Checking In-Lined Reference Monitors

  • Meera Sridhar
  • Kevin W. Hamlen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5944)


A technique for elegantly expressing In-lined Reference Monitor (IRM) certification as model-checking is presented and implemented. In-lined Reference Monitors (IRMs) enforce software security policies by in-lining dynamic security guards into untrusted binary code. Certifying IRM systems provide strong formal guarantees for such systems by verifying, independently of the rewriter, that the instrumented code the IRM system produces satisfies the original policy. Expressing this certification step as model-checking allows well-established model-checking technologies to be applied to this often difficult certification task. The technique is demonstrated through the enforcement and certification of a URL anti-redirection policy for ActionScript web applets.
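The abstract describes a two-stage pipeline: an untrusted rewriter in-lines guards before security-relevant operations, and a separate certifier model-checks the instrumented program against the policy automaton so that the rewriter itself need not be trusted. The following Python sketch is an added illustration of that pipeline and is not the authors' ActionScript tool: the toy instruction set, the origin string, the function names and the sample applets are all constructed for the example. The certifier is a reachability search over abstract states (program counter, abstract variable environment, monitor state), which is how the abstract casts certification as model-checking.

```python
"""Added example: a toy in-lined reference monitor plus a model-checking
certifier. The bytecode, origin, and policy are constructed for illustration;
they are not the authors' ActionScript tool."""
from collections import deque

ORIGIN = "https://example.com/"      # assumed origin the applet was loaded from
UNKNOWN = ("unknown", frozenset())   # attacker-controlled string, no known prefixes

def has_prefix(val, prefix):
    """Three-valued prefix test on an abstract string: True, False or None."""
    if val[0] == "const":
        return val[1].startswith(prefix)
    if val[0] == "unknown":
        return True if prefix in val[1] else None
    return None

def policy_step(mon, url):
    """Security automaton for the anti-redirection policy: a navigate whose
    URL is not provably same-origin drives the monitor to 'bad'."""
    return "ok" if mon == "ok" and has_prefix(url, ORIGIN) is True else "bad"

def rewrite(program):
    """IRM rewriter: in-line `prefix t, v, ORIGIN ; jz t, abort` before every
    `navigate v`, and append an abort label so untrusted code cannot reach a
    navigate except through the guard."""
    out = []
    for n, ins in enumerate(program):
        if ins[0] == "navigate":
            out += [("prefix", f"_g{n}", ins[1], ORIGIN), ("jz", f"_g{n}", "abort")]
        out.append(ins)
    return out + [("label", "abort"), ("halt",)]

def certify(program):
    """Model checker: enumerate reachable abstract states (pc, env, monitor)
    by abstract interpretation and report whether 'bad' is reachable.
    Returns (accepted, states_explored)."""
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "label"}
    start = (0, frozenset(), "ok")
    seen, work = {start}, deque([start])
    while work:
        pc, env, mon = work.popleft()
        if mon == "bad":
            return False, len(seen)
        if pc >= len(program) or program[pc][0] == "halt":
            continue
        ins, e, succ = program[pc], dict(env), []
        op = ins[0]
        if op == "label":
            succ.append((pc + 1, e, mon))
        elif op == "const":                       # const v, "literal"
            e[ins[1]] = ("const", ins[2]); succ.append((pc + 1, e, mon))
        elif op == "input":                       # input v  (untrusted data)
            e[ins[1]] = UNKNOWN; succ.append((pc + 1, e, mon))
        elif op == "prefix":                      # prefix t, v, "p": t := v starts with p
            e[ins[1]] = ("pred", ins[2], ins[3]); succ.append((pc + 1, e, mon))
        elif op == "jmp":
            succ.append((labels[ins[1]], e, mon))
        elif op == "jz":                          # jz t, L: jump when t is false
            t = e.get(ins[1], UNKNOWN)
            if t[0] == "pred":                    # path-sensitive on the guard predicate
                var, p = t[1], t[2]
                truth = has_prefix(e.get(var, UNKNOWN), p)
                if truth is not False:            # fall-through: predicate holds here
                    e_ok, v = dict(e), e.get(var, UNKNOWN)
                    if v[0] == "unknown":
                        e_ok[var] = ("unknown", v[1] | {p})   # refine the abstract value
                    succ.append((pc + 1, e_ok, mon))
                if truth is not True:             # taken: predicate may be false
                    succ.append((labels[ins[2]], e, mon))
            else:                                 # opaque condition: both ways
                succ += [(pc + 1, e, mon), (labels[ins[2]], e, mon)]
        elif op == "navigate":                    # the security-relevant event
            succ.append((pc + 1, e, policy_step(mon, e.get(ins[1], UNKNOWN))))
        else:
            raise ValueError(f"unknown opcode {op!r}")
        for npc, ne, nmon in succ:
            s = (npc, frozenset(ne.items()), nmon)
            if s not in seen:
                seen.add(s); work.append(s)
    return True, len(seen)

# Constructed untrusted applet: one same-origin navigate, then a loop that
# navigates wherever attacker-controlled input says.
APPLET = [("const", "home", ORIGIN + "index.html"), ("navigate", "home"),
          ("label", "top"), ("input", "u"), ("navigate", "u"), ("jmp", "top")]

# Constructed output of a *buggy* rewriter: the guard checks u, but u is
# reassigned before the navigate, so the certifier must reject it.
BYPASS = [("input", "u"), ("prefix", "t", "u", ORIGIN), ("jz", "t", "abort"),
          ("input", "u"), ("navigate", "u"), ("label", "abort"), ("halt",)]

if __name__ == "__main__":
    print("original applet certified:", certify(APPLET)[0])            # False
    print("rewritten applet certified:", certify(rewrite(APPLET))[0])  # True
    print("buggy in-lining certified:", certify(BYPASS)[0])            # False
```

Two design points carry over from the abstract's setting. First, the search terminates even on the looping applet because abstract values are drawn from a finite set (constants that occur in the program, or "unknown" with a finite set of established prefixes), so the reachable abstract state space is finite. Second, the certifier never consults the rewriter: `BYPASS` is rejected purely because a path exists on which the guard's fact about `u` is invalidated before the `navigate`, which is exactly the kind of rewriter bug a certifying IRM system is meant to catch.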


Keywords (added by machine, not by the authors): Security Policy, Security State, Abstract Interpretation, Abstract Machine, Abstract Syntax Tree


Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Meera Sridhar, The University of Texas at Dallas, Richardson, USA
  • Kevin W. Hamlen, The University of Texas at Dallas, Richardson, USA