Advertisement

Abstract

Runtime monitoring and verification systems monitor target’s events and verify them against specifications during program execution. For such systems the same event might trigger different monitors remedial actions, which can be contradictory in behavior or complementary (with a specific order). This urges the need to have a method to detect and resolve potential conflict between monitors.

In this paper, we present a formal model for modeling monitors based on Finite State Transducers. Monitors in the model are transducers with events as their input and output alphabet. Monitors composition is used for those monitors in conflict, where each monitor can add to the output set of events, but it can never remove an event. The output set of events is later evaluated using 2 rewrite rules and resulting in non-conflicting behavior.

Keywords

System Call Output Event Remedial Action File Network Input Event 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Allan, C., Avgustinov, P., Christensen, A.S., Hendren, L.J., Kuzins, S., Lhoták, O., de Moor, O., Sereni, D., Sittampalam, G., Tibble, J.: Adding trace matching with free variables to AspectJ. In: Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2005), pp. 345–364. ACM (2005)Google Scholar
  2. 2.
    Bauer, L., Ligatti, J., Walker, D.: A language and system for enforcing run-time security policies. Tech. Rep. TR-699-04, Princeton University (2004)Google Scholar
  3. 3.
    Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. SIGPLAN Not. 40, 305–314 (2005)CrossRefGoogle Scholar
  4. 4.
    Chen, F., Roşu, G.: MOP: An efficient and generic runtime verification framework. In: Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2007), pp. 569–588. ACM (2007)Google Scholar
  5. 5.
    Erlingsson, U., Schneider, F.B.: IRM enforcement of java stack inspection. In: IEEE Symposium on Security and Privacy (SOSP 2000), pp. 246–255. IEEE (2000)Google Scholar
  6. 6.
    Evans, D.: Policy-Directed Code Safety. Ph.D. thesis, MIT (2000)Google Scholar
  7. 7.
    Evans, D., Twyman, A.: Flexible policy-directed code safety. In: IEEE Symposium on Security and Privacy (SOSP 1999), pp. 32–45. IEEE (1999)Google Scholar
  8. 8.
    Hamlen, K.W., Jones, M.: Aspect-oriented in-lined reference monitors. In: Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 11–20. ACM (2008)Google Scholar
  9. 9.
    Jones, M., Hamlen, K.W.: Enforcing IRM security policies: two case studies. In: Intelligence and Security Informatics (ISI 2009), pp. 214–216. IEEE (2009)Google Scholar
  10. 10.
    Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An Overview of AspectJ. In: Lee, S.H. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 327–353. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Ligatti, J.A.: Policy Enforcement via Program Monitoring. Ph.D. thesis, Princeton University (2006)Google Scholar
  12. 12.
    Ligatti, J., Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. Journal of Information Security 4, 2–16 (2003)CrossRefzbMATHGoogle Scholar
  13. 13.
    Lomsak, D., Ligatti, J.: PoliSeer: A tool for managing complex security policies. In: International Federation for Information Processing Conference on Trust Management, IFIP-TM (2010)Google Scholar
  14. 14.
    Meredith, P.O., Jin, D., Griffth, D., Chen, F., Roşu, G.: An overview of monitoring oriented programming. Journal on Software Tools for Technology Transfer (to appear, 2011)Google Scholar
  15. 15.
    Meredith, P.O., Jin, D., Griffth, D., Chen, F., Roşu, G.: An overview of the MOP runtime verification framework. Journal on Software Techniques for Technology Transfer (to appear, 2011)Google Scholar
  16. 16.
    Roche, E., Schabes, Y. (eds.): Finite-State Language Processing. Bradford Book, MIT Press, Cambridge, Massachusetts (1997)zbMATHGoogle Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Soha Hussein
    • 1
  1. 1.University of Illinois at Urbana-ChampaignUSA

Personalised recommendations