Finite State Transducers Framework for Monitors Conflict Detection and Resolution
Runtime monitoring and verification systems monitor target’s events and verify them against specifications during program execution. For such systems the same event might trigger different monitors remedial actions, which can be contradictory in behavior or complementary (with a specific order). This urges the need to have a method to detect and resolve potential conflict between monitors.
In this paper, we present a formal model for modeling monitors based on Finite State Transducers. Monitors in the model are transducers with events as their input and output alphabet. Monitors composition is used for those monitors in conflict, where each monitor can add to the output set of events, but it can never remove an event. The output set of events is later evaluated using 2 rewrite rules and resulting in non-conflicting behavior.
KeywordsSystem Call Output Event Remedial Action File Network Input Event
Unable to display preview. Download preview PDF.
- 1.Allan, C., Avgustinov, P., Christensen, A.S., Hendren, L.J., Kuzins, S., Lhoták, O., de Moor, O., Sereni, D., Sittampalam, G., Tibble, J.: Adding trace matching with free variables to AspectJ. In: Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2005), pp. 345–364. ACM (2005)Google Scholar
- 2.Bauer, L., Ligatti, J., Walker, D.: A language and system for enforcing run-time security policies. Tech. Rep. TR-699-04, Princeton University (2004)Google Scholar
- 4.Chen, F., Roşu, G.: MOP: An efficient and generic runtime verification framework. In: Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2007), pp. 569–588. ACM (2007)Google Scholar
- 5.Erlingsson, U., Schneider, F.B.: IRM enforcement of java stack inspection. In: IEEE Symposium on Security and Privacy (SOSP 2000), pp. 246–255. IEEE (2000)Google Scholar
- 6.Evans, D.: Policy-Directed Code Safety. Ph.D. thesis, MIT (2000)Google Scholar
- 7.Evans, D., Twyman, A.: Flexible policy-directed code safety. In: IEEE Symposium on Security and Privacy (SOSP 1999), pp. 32–45. IEEE (1999)Google Scholar
- 8.Hamlen, K.W., Jones, M.: Aspect-oriented in-lined reference monitors. In: Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 11–20. ACM (2008)Google Scholar
- 9.Jones, M., Hamlen, K.W.: Enforcing IRM security policies: two case studies. In: Intelligence and Security Informatics (ISI 2009), pp. 214–216. IEEE (2009)Google Scholar
- 11.Ligatti, J.A.: Policy Enforcement via Program Monitoring. Ph.D. thesis, Princeton University (2006)Google Scholar
- 13.Lomsak, D., Ligatti, J.: PoliSeer: A tool for managing complex security policies. In: International Federation for Information Processing Conference on Trust Management, IFIP-TM (2010)Google Scholar
- 14.Meredith, P.O., Jin, D., Griffth, D., Chen, F., Roşu, G.: An overview of monitoring oriented programming. Journal on Software Tools for Technology Transfer (to appear, 2011)Google Scholar
- 15.Meredith, P.O., Jin, D., Griffth, D., Chen, F., Roşu, G.: An overview of the MOP runtime verification framework. Journal on Software Techniques for Technology Transfer (to appear, 2011)Google Scholar