International Conference on Tools and Algorithms for the Construction and Analysis of Systems

TACAS 2012: Tools and Algorithms for the Construction and Analysis of Systems, pp. 126–140

Aspect-Oriented Runtime Monitor Certification

  • Kevin W. Hamlen
  • Micah M. Jones
  • Meera Sridhar
Part of the Lecture Notes in Computer Science book series (LNTCS, volume 7214)

Abstract

In-lining runtime monitors into untrusted binary programs via aspect-weaving is an increasingly popular technique for efficiently and flexibly securing untrusted mobile code. However, the complexity of the monitor implementation and in-lining process in these frameworks can lead to vulnerabilities and low assurance for code-consumers. This paper presents a machine-verification technique for aspect-oriented in-lined reference monitors based on abstract interpretation and model-checking. Rather than relying upon trusted advice, the system verifies semantic properties expressed in a purely declarative policy specification language. Experiments on a variety of real-world policies and Java applications demonstrate that the approach is practical and effective.

Keywords

  • Abstract interpretation
  • in-lined reference monitors
  • model-checking
  • security

Supported by AFOSR award FA9550-08-1-0044 and NSF award NSF-1065216. Any views expressed do not necessarily reflect those of the NSF or AFOSR.

Author information

Authors and Affiliations

  1. University of Texas, Dallas, USA

    Kevin W. Hamlen, Micah M. Jones & Meera Sridhar

Editor information

Editors and Affiliations

  1. University of California at Santa Cruz, 1156 High Street, 95064, Santa Cruz, CA, USA

    Cormac Flanagan

  2. Fakultät für Ingenieurwesen, Abteilung für Informatik und Angewandte Kognitionswissenschaft, Universität Duisburg-Essen, Lotharstraße 65, 47057, Duisburg, Germany

    Barbara König

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hamlen, K.W., Jones, M.M., Sridhar, M. (2012). Aspect-Oriented Runtime Monitor Certification. In: Flanagan, C., König, B. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2012. Lecture Notes in Computer Science, vol 7214. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28756-5_10

  • DOI: https://doi.org/10.1007/978-3-642-28756-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28755-8

  • Online ISBN: 978-3-642-28756-5
