Extending the enforcement power of truncation monitors using static analysis |
| |
Authors: | Hugues Chabot, Raphaël Khoury, Nadia Tawbi |
| |
Affiliation: | Département d’informatique et de génie logiciel, Université Laval, 1065, av. de la Médecine, Québec City, Québec, Canada G1V 0A6 |
| |
Abstract: | Runtime monitors are a widely used approach to enforcing security policies. Truncation monitors are based on the idea of truncating an execution before a violation occurs. Thus, the range of security policies they can enforce is limited to safety properties. The use of an a priori static analysis of the target program is a possible way of extending the range of monitorable properties. This paper presents an approach to producing an in-lined truncation monitor, which draws upon the above intuition. Based on a priori knowledge of the program behavior, this approach makes it possible, in some cases, to enforce more than safety properties and is more powerful than a classical truncation mechanism. We provide and prove a theorem stating that a truncation enforcement mechanism considering only the set of possible executions of a specific program is strictly more powerful than a mechanism considering all the executions over an alphabet of actions. |
| |
Keywords: | Computer security; Dynamic analysis; Monitoring; Software safety |
This article is indexed in ScienceDirect and other databases. |
|