Extending the enforcement power of truncation monitors using static analysis

Chabot, Hugues; Khoury, Raphaël; Tawbi, Nadia

doi:10.1016/j.cose.2010.11.004

Cited by 23 publications

(19 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This knowledge can be exploited to use simpler-than-expected monitors to enforce (seemingly) complex policies. Although similar observations have been made before (e.g., program re-writing [14], non-uniformity [17], use of static analysis [7]), our approach formalizes them within a single framework, which allows new results that were beyond the scope of previous work, as we demonstrate in the following section.…”

Section: Lower Bounds Of Enforceable Policiesmentioning

confidence: 79%

Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

Mallios

Bauer

Kaynar

et al. 2013

Security and Trust Management

View full text Add to dashboard Cite

Abstract. Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors. The fidelity afforded by this framework allows us to explicitly formulate and study practical constraints on policy enforcement that were often only implicit in previous models, providing a more accurate view of what can be enforced by monitoring in practice. We introduce two definitions of enforcement, target-specific and generalized, that allow us to reason about practical monitoring scenarios. Finally, we provide some meta-theoretical comparison of these definitions and we apply them to investigate policy enforcement in scenarios where the monitor designer has knowledge of the target application and show how this can be exploited to make more efficient design choices.

show abstract

Section: Lower Bounds Of Enforceable Policiesmentioning

confidence: 79%

Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

Mallios

Bauer

Kaynar

et al. 2013

Security and Trust Management

View full text Add to dashboard Cite

show abstract

“…For this, one can rely on existing classical classifications of properties, such as the safetyliveness "dichotomy" [4,66,103] or the safety-progress hierarchy [27,71] classifications. There exist several delineations of enforceable/non-enforceable properties based on different assumptions and EMs; see e.g., [26,48,58,68,98]. Application domains ( Fig.…”

Section: Deploymentmentioning

confidence: 99%

On the Runtime Enforcement of Timed Properties

Falcone

Pinisetty

2019

Runtime Verification

View full text Add to dashboard Cite

Runtime enforcement refers to the theories, techniques, and tools for enforcing correct behavior of systems at runtime. We are interested in such behaviors described by specifications that feature timing constraints formalized in what is generally referred to as timed properties. This tutorial presents a gentle introduction to runtime enforcement (of timed properties). First, we present a taxonomy of the main principles and concepts involved in runtime enforcement. Then, we give a brief overview of a line of research on theoretical runtime enforcement where timed properties are described by timed automata and feature uncontrollable events. Then, we mention some tools capable of runtime enforcement, and we present the TiPEX tool dedicated to timed properties. Finally, we present some open challenges and avenues for future work.

show abstract

“…Execution Monitoring belongs to the class of dynamic analysis techniques that include many other interesting works like [13], [25], [26]. Static analysis [8], [9], [10], [11] approaches, in the other hand, can be used to significantly decrease the overhead involved by the dynamic approach.…”

Section: Recent Work Of Clarkson and Schneider Introducesmentioning

confidence: 99%

FASER (Formal and Automatic Security Enforcement by Rewriting): An algebraic approach

Sui

Mejri

Sta

2012

2012 IEEE Symposium on Computational Intelligence for Security and Defence Applications

View full text Add to dashboard Cite

Recent research confirmed that program rewriting techniques are powerful mechanisms for security enforcement, since they gather advantages of both static and dynamic approaches. In a previous work, we introduced the basic ideas underlying a program rewriting approach allowing to automatically enforce a security policy on an untrusted program. In this approach, a security policy and an untrusted program are specified as two processes in an extended version of the BPA (Basic Process Algebra) and the security enforcement problem is transformed to a resolution of a linear system generated from them. The enforced version of a program "behaves" like the original one except that it will be aborted when it tries to violate the security policy.In this paper, we better formalize the approach; we prove its foundation; we endow it with a high level logic to specify security policy and we implement a prototype that shows its efficiency.

show abstract

Extending the enforcement power of truncation monitors using static analysis

Cited by 23 publications

References 13 publications

Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

On the Runtime Enforcement of Timed Properties

FASER (Formal and Automatic Security Enforcement by Rewriting): An algebraic approach

Contact Info

Product

Resources

About