
More Enforceable Security Policies


Presentation Transcript


  1. More Enforceable Security Policies
  Lujo Bauer, Jay Ligatti and David Walker, Princeton University (graciously presented by Iliano Cervesato)

  2. Language-Based Security
  • language-based security mechanisms operate by analyzing and modifying program behavior
  • static mechanisms (analysis at link time)
    • type checking, proof checking, abstract interpretation
  • dynamic mechanisms (analysis at run time)
    • access control lists, stack inspection, capabilities
  FCS 02

  3. Program Monitors
  • A program monitor is a computation that runs in parallel with an untrusted application
  • monitors detect, prevent, and recover from application errors at run time
  • monitor decisions may be based on the history of all actions an application has executed
  • we assume monitors have no knowledge of future application actions

  4. Program Monitors: Good operations [figure: Monitor / Application / action foo]

  5. Program Monitors: Bad operations [figure: Monitor / Application / action foo / halt!]

  6. Program Monitors: Options
  • A program monitor may do any of the following when it recognizes a dangerous operation:
    • abort the application
    • suppress (skip) the operation but allow the application to continue
    • perform some computation on behalf of (against the wishes of) the application

  7. This paper
  • Formalizes the notion of a program monitor by providing operational semantics for
    • security automata [Schneider 00]
    • insertion automata
    • suppression automata
    • edit automata

  8. This paper
  • Begins to address the fundamental question of what run-time security policies can be enforced by program monitors
    • security automata are the least powerful
    • suppression and insertion automata are more powerful than security automata but incomparable
    • edit automata are the most powerful
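The following is an added illustration of slides 6 to 8, not code from the paper or from Polymer. It is a toy monitor over a constructed action trace with two history-dependent rules (no network send after a sensitive read; every open file closed before exit). Each monitor class from the slides is modelled as a set of capabilities: a security automaton can only halt, a suppression automaton can also drop an action, an insertion automaton can also emit extra actions, and an edit automaton can do both. Running the same policy under each class shows why suppression and insertion automata are incomparable and why edit automata enforce strictly more. The action names, the `/secret/` path convention and the traces are assumptions of this example.

```python
"""Toy edit automaton (constructed example, not the paper's formalism).
Policy: (1) no 'send' once a /secret/ path has been read;
        (2) every 'open' must be matched by a 'close' before 'exit'.
A monitor that lacks the edit its policy needs at some step can only halt."""

HALT = ("halt",)


class Monitor:
    def __init__(self, can_suppress, can_insert):
        self.can_suppress = can_suppress
        self.can_insert = can_insert
        self.tainted = False        # history: has a /secret/ path been read?
        self.open_files = set()     # history: files opened but not yet closed

    def step(self, action):
        """Decide on one action using only the past (no lookahead); return the
        actions passed on to the real system, or HALT to abort the application."""
        op = action[0]
        if op == "read" and action[1].startswith("/secret/"):
            self.tainted = True
        elif op == "send" and self.tainted:
            return [] if self.can_suppress else HALT       # suppress or abort
        elif op == "open":
            self.open_files.add(action[1])
        elif op == "close":
            self.open_files.discard(action[1])
        elif op == "exit" and self.open_files:
            if not self.can_insert:
                return HALT                                # cannot repair: abort
            fixups = [("close", f) for f in sorted(self.open_files)]
            self.open_files.clear()
            return fixups + [action]                       # insert, then pass exit
        return [action]


def enforce(actions, can_suppress=True, can_insert=True):
    """Run a whole trace through one monitor; returns the emitted actions."""
    m = Monitor(can_suppress, can_insert)
    out = []
    for a in actions:
        result = m.step(a)
        if result is HALT:
            out.append(HALT)
            break
        out.extend(result)
    return out


# Capability sets for the four monitor classes on the slides.
SECURITY = dict(can_suppress=False, can_insert=False)      # [Schneider 00]
SUPPRESSION = dict(can_suppress=True, can_insert=False)
INSERTION = dict(can_suppress=False, can_insert=True)
EDIT = dict(can_suppress=True, can_insert=True)

# Constructed sample trace from an untrusted application.
TRACE = [("open", "log.txt"), ("read", "/secret/key"), ("send", "backup.example"), ("exit",)]
```

Only the edit automaton completes `TRACE` without aborting; the suppression automaton dies at `exit` (it cannot insert the missing close) and the insertion automaton dies at `send` (it cannot drop the action).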

  9. Current Work
  • We are currently developing a programming language called Polymer
  • Polymer allows programmers to define higher-order, first-class and modular program monitors
  • Polymer has logical combinators (⊤ ⋀ ⊥ ⋁) that allow programmers to build complex policies from simple ones
  • Polymer provides security against untrusted Java applications

  10. Conclusions
  • There are two equally important aspects of language-based security
    • static program analysis
    • dynamic program analysis
  • Most of the research in the programming languages community has focused on the first at the expense of the second
  • we plan to fix this!
