Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5352)


Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous works on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progress classification of properties. This allows a fine-grained characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.
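As an added illustration (not the paper's code, and a simplified reading of its construction rather than its exact synthesis rule): a monitor made of the recognizing automaton's control states, a memory of held events, and one enforcement operation per state, derived for a safety and for a guarantee property. The operation names halt/store/dump, the event names and the two transition tables are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

HALT, STORE, DUMP = "halt", "store", "dump"   # enforcement operations (assumed names)

@dataclass
class EnforcementMonitor:
    """Control states of the recognizing automaton + memory + per-state operation."""
    delta: Dict[Tuple[str, str], str]   # (state, event) -> next state
    op: Dict[str, str]                  # control state -> enforcement operation
    state: str
    memory: List[str] = field(default_factory=list)
    output: List[str] = field(default_factory=list)
    halted: bool = False

    def step(self, event: str) -> None:
        if self.halted:                 # a halted monitor lets nothing through
            return
        self.state = self.delta[(self.state, event)]
        action = self.op[self.state]
        if action == HALT:              # drop the event and whatever is still held
            self.halted = True
        elif action == STORE:           # hold the event until the property is satisfied
            self.memory.append(event)
        else:                           # DUMP: release held events, then this one
            self.output.extend(self.memory + [event])
            self.memory.clear()

def synthesize(delta, accepting: Set[str], kind: str, initial: str) -> EnforcementMonitor:
    """Assumed synthesis rule (a simplified reading, not the paper's exact construction):
    safety    -> dump while in an accepting state, halt on entering a non-accepting one;
    guarantee -> store until an accepting state is reached, then dump."""
    states = {s for s, _ in delta} | set(delta.values())
    if kind == "safety":
        op = {s: DUMP if s in accepting else HALT for s in states}
    elif kind == "guarantee":
        op = {s: DUMP if s in accepting else STORE for s in states}
    else:
        raise ValueError("only safety and guarantee are handled here")
    return EnforcementMonitor(delta, op, initial)

def enforce(kind: str, delta, accepting: Set[str], initial: str, trace: List[str]) -> List[str]:
    m = synthesize(delta, accepting, kind, initial)   # run the monitor, return what it lets through
    for event in trace:
        m.step(event)
    return m.output

# Constructed automata. Safety: "no read after send"; guarantee: "eventually auth".
SAFE_DELTA = {("q0", "read"): "q0", ("q0", "send"): "q1", ("q1", "send"): "q1",
              ("q1", "read"): "bad", ("bad", "read"): "bad", ("bad", "send"): "bad"}
GUAR_DELTA = {("q0", "req"): "q0", ("q0", "auth"): "q1", ("q1", "req"): "q1", ("q1", "auth"): "q1"}
```

The safety monitor forwards events until the first violation and then halts, whereas the guarantee monitor withholds the prefix until the property is satisfied and then releases it in order.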





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

VERIMAG, Université Grenoble I, INPG, CNRS, France
