Slide 1: More Enforceable Security Policies
Lujo Bauer, Jay Ligatti and David Walker, Princeton University
(graciously presented by Iliano Cervesato)

Slide 2: Language-Based Security
FCS 02, Bauer, Ligatti, Walker
Language-based security mechanisms operate by analyzing and modifying program behavior
– static mechanisms (analysis at link time): type checking, proof checking, abstract interpretation
– dynamic mechanisms (analysis at run time): access control lists, stack inspection, capabilities

Slide 3: Program Monitors
A program monitor is a computation that runs in parallel with an untrusted application
– monitors detect, prevent, and recover from application errors at run time
– monitor decisions may be based on the history of all actions an application has executed
– we assume monitors have no knowledge of future application actions

Slide 4: Program Monitors: Good operations
(diagram: Application, Monitor, operation foo)

Slide 5: Program Monitors: Bad operations
(diagram: Application, Monitor, operation foo, halt!)

Slide 6: Program Monitors: Options
A program monitor may do any of the following when it recognizes a dangerous operation:
– abort the application
– suppress (skip) the operation but allow the application to continue
– perform some computation on behalf of (against the wishes of) the application

Slide 7: This paper
Formalizes the notion of a program monitor by providing operational semantics for
– security automata [Schneider 00]
– insertion automata
– suppression automata
– edit automata

Slide 8: This paper
Begins to address the fundamental question of what run-time security policies can be enforced by program monitors
– security automata are the least powerful
– suppression and insertion automata are more powerful than security automata but incomparable
– edit automata are the most powerful
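The monitor options of slide 6 and the four automata compared on slides 7 and 8, as an added worked example that is not code from the paper, the slides or the Polymer project. The single-step semantics used here (accept the current action, suppress it, insert extra actions and then re-examine the same input action, or stop the application) and the restriction table saying which steps each kind of automaton may take are this example's reading of the slides, not the paper's definitions; the policy "an application that has read a file may not send afterwards" and the trace are constructed for illustration.

```python
"""Security, suppression, insertion and edit automata run over one constructed
action trace.  Policy (constructed, not from the paper): once the application
has executed "read", it may not execute "send".  Each step sees only the current
action and the monitor's own state: no knowledge of future actions (slide 3)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Action = str


# Decisions a monitor step may take (assumed single-step semantics).
@dataclass(frozen=True)
class Accept:      # let the current action through
    pass

@dataclass(frozen=True)
class Suppress:    # drop the current action, continue with the next one
    pass

@dataclass(frozen=True)
class Insert:      # emit extra actions, then re-examine the same input action
    actions: Tuple[Action, ...]

@dataclass(frozen=True)
class Stop:        # halt the application
    pass


# Which decisions each automaton kind may make (the hierarchy of slide 8).
ALLOWED = {
    "security":    (Accept, Stop),
    "suppression": (Accept, Suppress, Stop),
    "insertion":   (Accept, Insert, Stop),
    "edit":        (Accept, Suppress, Insert, Stop),
}

State = Tuple[bool, bool]          # (has_read, audit_already_inserted)
Step = Callable[[State, Action], Tuple[object, State]]


def permitted(kind: str, decision) -> bool:
    """True if an automaton of this kind is allowed to take this decision."""
    return isinstance(decision, ALLOWED[kind])


def run(kind: str, step: Step, state: State, trace: List[Action]) -> Tuple[List[Action], bool]:
    """Enforce `step` as a `kind` automaton over `trace`.
    Returns (actions actually performed, whether the application was halted)."""
    out: List[Action] = []
    i = 0
    while i < len(trace):
        decision, state = step(state, trace[i])
        if not permitted(kind, decision):
            raise ValueError(f"{kind} automaton may not {type(decision).__name__}")
        if isinstance(decision, Stop):
            return out, True
        if isinstance(decision, Insert):
            out.extend(decision.actions)     # index unchanged: same action re-examined
            continue
        if isinstance(decision, Accept):
            out.append(trace[i])
        i += 1                               # Accept and Suppress both consume the action
    return out, False


def security_step(state: State, a: Action):
    has_read, _ = state
    if a == "send" and has_read:
        return Stop(), state                 # truncating the run is the only remedy
    return Accept(), (has_read or a == "read", False)


def suppression_step(state: State, a: Action):
    has_read, _ = state
    if a == "send" and has_read:
        return Suppress(), state             # skip the send, let the application go on
    return Accept(), (has_read or a == "read", False)


def insertion_step(state: State, a: Action):
    has_read, audited = state
    if a == "send" and has_read:
        if not audited:
            return Insert(("audit",)), (has_read, True)   # record the violation ...
        return Stop(), state                              # ... then halt: cannot skip the send
    return Accept(), (has_read or a == "read", False)


def edit_step(state: State, a: Action):
    has_read, audited = state
    if a == "send" and has_read:
        if not audited:
            return Insert(("audit",)), (has_read, True)   # record the violation ...
        return Suppress(), (has_read, False)              # ... and drop the send, continue
    return Accept(), (has_read or a == "read", False)


# Constructed trace: the application reads a file, then tries to send twice.
TRACE = ["open", "read", "send", "close", "send"]
START: State = (False, False)
MONITORS: Dict[str, Step] = {
    "security": security_step, "suppression": suppression_step,
    "insertion": insertion_step, "edit": edit_step,
}


def enforce_all(trace: List[Action] = TRACE) -> Dict[str, Tuple[List[Action], bool]]:
    return {kind: run(kind, step, START, trace) for kind, step in MONITORS.items()}


if __name__ == "__main__":
    for kind, (performed, halted) in enforce_all().items():
        print(f"{kind:12s} performed={performed} halted={halted}")
```

On the constructed trace the security automaton can only halt at the first offending send, the suppression automaton drops both sends and lets "close" through, the insertion automaton can record an audit action but must then halt because it cannot skip the send, and the edit automaton both records and drops each offending send while the application keeps running. Asking `run` to drive a step function with a decision its kind does not permit raises `ValueError`, which is the restriction that makes the first three kinds weaker than the edit automaton.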
Slide 9: Current Work
We are currently developing a programming language called Polymer
– Polymer allows programmers to define higher-order, first-class and modular program monitors
– Polymer has logical combinators ( ⊤ ⋀ ⊥ ⋁ ) that allow programmers to build complex policies from simple ones
– Polymer provides security against untrusted Java applications
Slide 10: Conclusions
There are two equally important aspects of language-based security
– static program analysis
– dynamic program analysis
Most of the research in the programming languages community has focused on the first at the expense of the second
– we plan to fix this!