Abstract
We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security community is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce safety properties. We formally analyze the properties enforceable by various program monitors and find that although this belief is correct when considering monitors with simple remedial options, it is incorrect for more powerful monitors that can be modeled by edit automata. We define an interesting set of properties called infinite renewal properties and demonstrate how, when given any reasonable infinite renewal property, to construct an edit automaton that provably enforces that property. We analyze the set of infinite renewal properties and show that it includes every safety property, some liveness properties, and some properties that are neither safety nor liveness.
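The abstract contrasts simple monitors (which can only enforce safety properties) with edit automata, which may suppress and insert actions and can therefore enforce some non-safety properties. The following Python simulation is an added example and is not code from the paper: it constructs a small "transaction" property P over a made-up action vocabulary (`begin`, `commit`, `abort`, plus ordinary actions), shows why P is not a safety property, counts the valid prefixes that make it a renewal-style property on a finite trace, and implements an edit automaton that enforces P by buffering (suppressing) a transaction until its outcome is known and then re-inserting it on commit or discarding it on abort. The property, the action names and the specific suppress-then-reinsert strategy are assumptions made for this illustration.

```python
"""Edit-automaton enforcement of a non-safety "transaction" property.

Added illustration; the vocabulary and the property are constructed for
this example and are not taken from the paper.
"""
from typing import Iterable, List

BEGIN, COMMIT, ABORT = "begin", "commit", "abort"   # constructed action names


def is_valid(trace: List[str]) -> bool:
    """Property P: a trace is valid iff it consists of ordinary actions and
    complete, non-nested transactions (begin ... commit).  A trace that ends
    mid-transaction, or that contains an abort, is invalid.

    P is not a safety property: ['begin'] is invalid, yet it extends to the
    valid trace ['begin', 'commit'], so a violation is not irremediable."""
    in_txn = False
    for a in trace:
        if a == BEGIN:
            if in_txn:
                return False            # nested begin is not allowed
            in_txn = True
        elif a == COMMIT:
            if not in_txn:
                return False            # commit outside a transaction
            in_txn = False
        elif a == ABORT:
            return False                # aborted work never appears in a valid trace
    return not in_txn


def valid_prefix_count(trace: List[str]) -> int:
    """Number of prefixes (including the empty prefix) that satisfy P.
    A renewal property is one whose valid infinite executions have infinitely
    many valid prefixes; on a finite trace we can only count them."""
    return sum(1 for n in range(len(trace) + 1) if is_valid(trace[:n]))


def enforce(trace: Iterable[str]) -> List[str]:
    """Edit automaton for P.  State: an in-transaction flag plus a buffer of
    suppressed actions.  Every prefix of the returned output satisfies P."""
    output: List[str] = []
    buffer: List[str] = []
    in_txn = False
    for a in trace:
        if not in_txn:
            if a == BEGIN:
                in_txn = True
                buffer = [a]            # suppress until the outcome is known
            elif a in (COMMIT, ABORT):
                continue                # stray commit/abort: suppress it
            else:
                output.append(a)        # ordinary action: accept as-is
        else:
            if a == COMMIT:
                output.extend(buffer)   # re-insert the buffered transaction
                output.append(a)
                buffer, in_txn = [], False
            elif a == ABORT:
                buffer, in_txn = [], False   # discard the whole transaction
            elif a == BEGIN:
                continue                # nested begin: suppress it
            else:
                buffer.append(a)        # keep suppressing inside the transaction
    return output


def is_sound_and_transparent(trace: List[str]) -> bool:
    """Sound: the output always satisfies P.  Transparent: a trace that already
    satisfies P is passed through unchanged."""
    out = enforce(trace)
    return is_valid(out) and (out == trace if is_valid(trace) else True)


if __name__ == "__main__":
    # Constructed sample traces.
    good = ["read", BEGIN, "pay", COMMIT, "write"]
    aborted = ["read", BEGIN, "pay", ABORT, "write"]
    cut_off = [BEGIN, "pay"]
    for t in (good, aborted, cut_off):
        print(t, "->", enforce(t), "valid:", is_valid(enforce(t)))
    print("valid prefixes of three transactions:",
          valid_prefix_count([BEGIN, "pay", COMMIT] * 3))
```

The point the simulation makes is the one in the abstract: a monitor that could only halt the target would have to stop at `begin` (the prefix is already invalid) and so could not enforce P without rejecting every transaction, whereas an automaton that may suppress and later insert actions emits an output that is valid after every step and leaves already-valid inputs untouched.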
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Ligatti, J., Bauer, L., Walker, D. (2005). Enforcing Non-safety Security Policies with Program Monitors. In: di Vimercati, S.d.C., Syverson, P., Gollmann, D. (eds) Computer Security – ESORICS 2005. ESORICS 2005. Lecture Notes in Computer Science, vol 3679. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11555827_21
DOI: https://doi.org/10.1007/11555827_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28963-0
Online ISBN: 978-3-540-31981-8