Security enforcement mechanisms like execution monitors are used to make sure that some untrusted program complies with a policy. Different enforcement mechanisms have different strengths and weaknesses and hence it is important to understand the qualities of various enforcement mechanisms. This paper studies runtime enforcement mechanisms for reactive programs. We study the impact of two important constraints that many practical enforcement mechanisms satisfy: (1) the enforcement mechanism must handle each input/output event in finite time and on occurrence of the event (as opposed to for instance Ligatti’s edit automata that have the power to buffer events for an arbitrary amount of time), and (2) the enforcement mechanism treats the untrusted program as a black box: it can monitor and/or edit the input/output events that the program exhibits on execution and it can explore alternative executions of the program by running additional copies of the program and providing these different inputs. It can not inspect the source or machine code of the untrusted program. Such enforcement mechanisms are important in practice: they include for instance many execution monitors, virtual machine monitors, and secure multi-execution or shadow executions. We establish upper and lower bounds for the class of policies that are enforceable by such black box mechanisms, and we propose a generic enforcement mechanism that works for a wide range of policies. We also show how our generic enforcement mechanism can be instantiated to enforce specific classes of policies, at the same time showing that many existing enforcement mechanisms are optimized instances of our construction.
Runtime Enforcement of Security Policies on Black Box Reactive Programs / Ngo, Nguyen Nhat Minh; Massacci, Fabio; Dimiter, Milushev; Frank, Piessens. - STAMPA. - (2015), pp. -43. ((Intervento presentato al convegno POPL2015 tenutosi a Mumbai India nel 12-18 January, 2015.
|Titolo:||Runtime Enforcement of Security Policies on Black Box Reactive Programs|
|Autori:||Ngo, Nguyen Nhat Minh; Massacci, Fabio; Dimiter, Milushev; Frank, Piessens|
|Titolo del volume contenente il saggio:||Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages|
|Luogo di edizione:||New York|
|Anno di pubblicazione:||2015|
|Codice identificativo Scopus:||2-s2.0-84939553293|
|Codice identificativo ISI:||WOS:000354800500005|
|Citazione:||Runtime Enforcement of Security Policies on Black Box Reactive Programs / Ngo, Nguyen Nhat Minh; Massacci, Fabio; Dimiter, Milushev; Frank, Piessens. - STAMPA. - (2015), pp. -43. ((Intervento presentato al convegno POPL2015 tenutosi a Mumbai India nel 12-18 January, 2015.|
|Appare nelle tipologie:||04.1 Saggio in atti di convegno (Paper in proceedings)|
File in questo prodotto:
|popl070-ngo-deepak.pdf||Post-print referato (Refereed author’s manuscript)||Tutti i diritti riservati (All rights reserved)||Open Access Visualizza/Apri|
|2676726.2676978 .pdf||Versione editoriale (Publisher’s layout)||Tutti i diritti riservati (All rights reserved)||Administrator|