Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

  • Yannis Mallios
  • Lujo Bauer
  • Dilsun Kaynar
  • Jay Ligatti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7783)


Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors. The fidelity afforded by this framework allows us to explicitly formulate and study practical constraints on policy enforcement that were often only implicit in previous models, providing a more accurate view of what can be enforced by monitoring in practice. We introduce two definitions of enforcement, target-specific and generalized, that allow us to reason about practical monitoring scenarios. Finally, we provide some meta-theoretical comparison of these definitions and we apply them to investigate policy enforcement in scenarios where the monitor designer has knowledge of the target application and show how this can be exploited to make more efficient design choices.


Security Policy Generalize Monitor Enforceable Policy Communicate Sequential Process Monitoring Architecture 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    de Alfaro, L., Henzinger, T.A.: Interface automata. In: Proc. European Software Engineering Conference (2001)Google Scholar
  2. 2.
    Araragi, T., Attie, P.C., Keidar, I., Kogure, K., Luchangco, V., Lynch, N.A., Mano, K.: On Formal Modeling of Agent Computations. In: Rash, J.L., Rouff, C.A., Truszkowski, W., Gordon, D.F., Hinchey, M.G. (eds.) FAABS 2000. LNCS (LNAI), vol. 1871, pp. 48–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Basin, D., Olderog, E.R., Sevinc, P.E.: Specifying and analyzing security automata using CSP-OZ. In: Proc. ACM Symposium on Information, Computer and Communications Security, ASIACCS (2007)Google Scholar
  4. 4.
    Basin, D., Jugé, V., Klaedtke, F., Zălinescu, E.: Enforceable Security Policies Revisited. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 309–328. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Bishop, M.: Computer Security: Art and Science. Addison-Wesley Professional (2002)Google Scholar
  6. 6.
    Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. Journal of the ACM 31, 560–599 (1984)MathSciNetzbMATHCrossRefGoogle Scholar
  7. 7.
    Chabot, H., Khoury, R., Tawbi, N.: Extending the enforcement power of truncation monitors using static analysis. Computers and Security 30(4), 194–207 (2011)CrossRefGoogle Scholar
  8. 8.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: Proc. IEEE Computer Security Foundations Symposium (2008)Google Scholar
  9. 9.
    Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: a retrospective. In: Proc. Workshop on New Security Paradigms (2000)Google Scholar
  10. 10.
    Falcone, Y., Fernandez, J.C., Mounier, L.: What can you verify and enforce at runtime? Intl. Jrnl. Software Tools for Tech. Transfer (STTT) 14(3), 349–382 (2011)Google Scholar
  11. 11.
    Fong, P.W.L.: Access control by tracking shallow execution history. In: Proc. IEEE Symposium on Security and Privacy (2004)Google Scholar
  12. 12.
    Garfinkel, T.: Traps and pitfalls: Practical problems in system call interposition based security tools. In: Proc. Network and Distributed Systems Security Symposium (2003)Google Scholar
  13. 13.
    Gay, R., Mantel, H., Sprick, B.: Service Automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28(1), 175–205 (2006)CrossRefGoogle Scholar
  15. 15.
    Hickey, J., Lynch, N.A., van Renesse, R.: Specifications and Proofs for Ensemble Layers. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 119–134. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Kwiatkowska, M.Z.: Survey of fairness notions. Information and Software Technology 31(7), 371–386 (1989)CrossRefGoogle Scholar
  17. 17.
    Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Transactions on Information and System Security 12(3) (2009)Google Scholar
  18. 18.
    Ligatti, J., Reddy, S.: A Theory of Runtime Enforcement, with Results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann Publishers Inc. (1996)Google Scholar
  20. 20.
    Mallios, Y., Bauer, L., Kaynar, D., Ligatti, J.: Enforcing more with less: Formalizing target-aware run-time monitors. Tech. Rep. CMU-CyLab-12-009, CyLab, Carnegie Mellon University (2012)Google Scholar
  21. 21.
    Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31–46 (2007)CrossRefGoogle Scholar
  22. 22.
    Milner, R.: A Calculus of Communicating Systems. Springer (1982)Google Scholar
  23. 23.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar
  24. 24.
    Tuttle, M.R.: Hierarchical correctness proofs for distributed algorithms. Master’s thesis, Dept. of Electrical Engineering and Computer Science. MIT (1987)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Yannis Mallios
    • 1
  • Lujo Bauer
    • 1
  • Dilsun Kaynar
    • 1
  • Jay Ligatti
    • 2
  1. 1.Carnegie Mellon UniversityPittsburghUSA
  2. 2.University of South FloridaTampaUSA

Personalised recommendations