
More Enforceable Security Policies

Lujo Bauer, Jay Ligatti and David Walker

Princeton University

(graciously presented by Iliano Cervesato)

Language-Based Security
  • language-based security mechanisms operate by analyzing and modifying program behavior
    • static mechanisms (analysis before the program runs, at compile, load or link time)
      • type checking, proof checking, abstract interpretation
    • dynamic mechanisms (analysis at run time)
      • access control lists, stack inspection, capabilities

FCS 02

Program Monitors
  • A program monitor is a computation that runs in parallel with an untrusted application
    • monitors detect, prevent, and recover from application errors at run time
    • monitor decisions may be based on the history of all actions an application has executed
    • we assume monitors have no knowledge of future application actions


Program Monitors: Good operations

[Diagram: the Application issues an operation foo; the Monitor inspects it and lets it through.]

Program Monitors: Bad operations

[Diagram: the Application issues an operation foo that the Monitor judges dangerous; the Monitor responds "halt!" and stops the application.]

Program Monitors: Options
  • A program monitor may do any of the following when it recognizes a dangerous operation:
    • abort the application
    • suppress (skip) the operation but allow the application to continue
    • perform some computation on behalf of (against the wishes of) the application


This paper
  • Formalizes the notion of a program monitor by providing operational semantics for
    • security automata [Schneider 00]
    • insertion automata
    • suppression automata
    • edit automata


This paper
  • Begins to address the fundamental question of what run-time security policies can be enforced by program monitors
    • security automata are the least powerful
    • suppression and insertion automata are each more powerful than security automata, but incomparable with each other
    • edit automata are the most powerful
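The three reactions listed on the Options slide and the four automata compared above, run side by side on the same untrusted action stream. This is an added example, not code from the slides or from the Bauer/Ligatti/Walker paper: the "pay before take" policy, the action names `take`/`pay` and the sample traces are constructed here so that the differences in enforcement power are visible on concrete input.

```python
# Added example; not code from the Bauer/Ligatti/Walker slides or paper.
# One constructed policy, "a take is acceptable only if an unused pay for the
# same item already appears in the monitored output", is enforced by the four
# monitor kinds the talk compares, over the same untrusted action stream.
# Actions are (operation, item) pairs such as ("take", "apple"); the operation
# names and the sample traces are made up for this example.

Action = tuple[str, str]


def parse(trace: str) -> list[Action]:
    """'take apple; pay apple' -> [('take', 'apple'), ('pay', 'apple')]."""
    return [tuple(s.split()) for s in trace.split(";") if s.strip()]


class Monitor:
    """Sees one action at a time, knows nothing of future actions, and returns
    the actions that actually reach the system (possibly none). The automata
    differ only in what they may do when the next action would violate the
    policy."""

    def __init__(self) -> None:
        self.credit: dict[str, int] = {}   # items paid for but not yet taken
        self.halted = False

    def run(self, actions: list[Action]) -> list[Action]:
        out: list[Action] = []
        for a in actions:
            if self.halted:                 # truncated: the rest never runs
                break
            out.extend(self.step(a))
        return out

    def step(self, a: Action) -> list[Action]:
        op, item = a
        if op == "pay":
            self.credit[item] = self.credit.get(item, 0) + 1
            return [a]
        if self.credit.get(item, 0) > 0:    # a take that was paid for
            self.credit[item] -= 1
            return [a]
        return self.on_unpaid_take(a)

    def on_unpaid_take(self, a: Action) -> list[Action]:
        raise NotImplementedError


class SecurityAutomaton(Monitor):
    """Schneider's security automaton: pass through or halt, nothing else."""
    def on_unpaid_take(self, a):
        self.halted = True
        return []


class SuppressionAutomaton(Monitor):
    """May skip the offending action and let the application continue."""
    def on_unpaid_take(self, a):
        return []


class InsertionAutomaton(Monitor):
    """May insert actions but cannot remove one the application performs:
    pays on the application's behalf, then lets the take through."""
    def on_unpaid_take(self, a):
        return [("pay", a[1]), a]


class EditAutomaton(Monitor):
    """May suppress and insert: withholds the unpaid take and re-inserts it
    right after the matching pay, so the output reads pay-then-take."""
    def __init__(self) -> None:
        super().__init__()
        self.pending: list[str] = []        # takes withheld until payment

    def on_unpaid_take(self, a):
        self.pending.append(a[1])
        return []

    def step(self, a):
        op, item = a
        if op == "pay" and item in self.pending:
            self.pending.remove(item)
            return [a, ("take", item)]
        return super().step(a)


def satisfies(output: list[Action]) -> bool:
    """The policy is exactly what the truncation automaton accepts unchanged."""
    return SecurityAutomaton().run(output) == output


MONITORS = {"security": SecurityAutomaton, "suppression": SuppressionAutomaton,
            "insertion": InsertionAutomaton, "edit": EditAutomaton}


def enforce_all(trace: str) -> dict[str, list[Action]]:
    """Run every monitor kind over the same trace; returns name -> output."""
    return {name: cls().run(parse(trace)) for name, cls in MONITORS.items()}
```

Running `enforce_all` on a well-behaved trace such as `pay apple; take apple` gives the same output from all four monitors. On `take apple; pay apple` the security automaton can only halt at the first action, so the application never gets to pay; the suppression automaton drops the take and the purchase is lost; the insertion automaton pays on the application's behalf and then cannot take that payment back when the application pays again, so the item is paid for twice; the edit automaton withholds the take and releases it right after the payment, producing exactly `pay apple; take apple`. Every output still satisfies the policy, which is the point: all four are sound, but only the edit automaton both keeps the application running and avoids charging it for something it did not do. Each monitor decides on the history it has seen so far; none peeks at later actions.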


Current Work
  • We are currently developing a programming language called Polymer
    • Polymer allows programmers to define higher-order, first-class and modular program monitors
    • Polymer has logical combinators (⊤, ⋀, ⊥, ⋁) that let programmers build complex policies from simple ones
    • Polymer enforces policies on untrusted Java applications


Conclusions
  • There are two equally important aspects of language-based security
    • static program analysis
    • dynamic program analysis
  • Most of the research in the programming languages community has focused on the first at the expense of the second
    • we plan to fix this!
