Abstract
In-lining runtime monitors into untrusted binary programs via aspect-weaving is an increasingly popular technique for efficiently and flexibly securing untrusted mobile code. However, the complexity of the monitor implementation and in-lining process in these frameworks can lead to vulnerabilities and low assurance for code-consumers. This paper presents a machine-verification technique for aspect-oriented in-lined reference monitors based on abstract interpretation and model-checking. Rather than relying upon trusted advice, the system verifies semantic properties expressed in a purely declarative policy specification language. Experiments on a variety of real-world policies and Java applications demonstrate that the approach is practical and effective.
Supported by AFOSR award FA9550-08-1-0044 and NSF award NSF-1065216. Any views expressed do not necessarily reflect those of the NSF or AFOSR.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Hamlen, K.W., Jones, M.M., Sridhar, M. (2012). Aspect-Oriented Runtime Monitor Certification. In: Flanagan, C., König, B. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2012. Lecture Notes in Computer Science, vol 7214. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28756-5_10
DOI: https://doi.org/10.1007/978-3-642-28756-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28755-8
Online ISBN: 978-3-642-28756-5