Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties
Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progress classification of properties, which allows a fine-grained characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.
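As an added illustration (not code from the paper), the following Python sketches the kind of enforcement monitor the abstract describes: a memory device plus a finite control state, driven by a deterministic property automaton, with each input event mapped to one enforcement operation. The operation names (halt, store, dump), the automaton encoding and the two sample properties are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Enforcement operations: names assumed for this illustration.
HALT, STORE, DUMP = "halt", "store", "dump"

@dataclass
class PropertyAutomaton:
    """Deterministic automaton over events (assumed encoding). `good` states mean the
    prefix read so far satisfies the property; `bad` states mean no continuation can."""
    initial: str
    delta: Dict[Tuple[str, str], str]  # (state, event) -> state; unlisted pairs self-loop
    good: Set[str]
    bad: Set[str] = field(default_factory=set)

class EnforcementMonitor:
    """Memory device plus control state; every input event yields one enforcement operation."""
    def __init__(self, aut: PropertyAutomaton):
        self.aut, self.state = aut, aut.initial
        self.memory: List[str] = []  # events withheld until the property is satisfied
        self.halted = False

    def step(self, event: str) -> Tuple[str, List[str]]:
        """Consume one event; return (operation, events released to the output)."""
        if self.halted:
            return HALT, []
        self.state = self.aut.delta.get((self.state, event), self.state)
        if self.state in self.aut.bad:  # irrecoverable violation: stop, never release memory
            self.halted = True
            return HALT, []
        if self.state in self.aut.good:  # prefix satisfies the property: flush memory
            released, self.memory = self.memory + [event], []
            return DUMP, released
        self.memory.append(event)  # undecided yet: withhold the event
        return STORE, []

def enforce(aut: PropertyAutomaton, trace: List[str]) -> List[str]:
    em, out = EnforcementMonitor(aut), []
    for event in trace:
        out.extend(em.step(event)[1])
    return out

# Sample response property: every "req" must eventually be followed by an "ack".
RESPONSE = PropertyAutomaton(
    "idle", {("idle", "req"): "pending", ("pending", "ack"): "idle"}, good={"idle"})
# Sample safety property: no "write" may occur after "close".
NO_WRITE_AFTER_CLOSE = PropertyAutomaton(
    "open", {("open", "close"): "closed", ("closed", "write"): "bad"},
    good={"open", "closed"}, bad={"bad"})
```

For the response property the monitor withholds `req` and everything after it until the matching `ack` arrives, then releases the whole stored segment; for the safety property it halts on the first `write` after `close` and emits nothing further.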