Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties
نویسندگان
چکیده
Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous works on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progress classification of properties. It allows a fine-grain characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.
منابع مشابه
Runtime enforcement monitors: composition, synthesis, and enforcement abilities
Runtime enforcement is a powerful technique to ensure that a program will respect a given set of properties. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general Safety-Prog...
متن کاملRuntime Verification of Safety-Progress Properties
The underlying property, its definition and representation play a major role when monitoring a system. Having a suitable and convenient framework to express properties is thus a concern for runtime analysis. It is desirable to delineate in this framework the spaces of properties for which runtime verification approaches can be applied to. This paper presents a unified view of runtime verificati...
متن کاملExtending the Safety-Progress Classification of Properties in a Runtime Verification Context
This paper revisit and extends results about the Safety-Progress classification of properties introduced by Chang, Manna, and Pnueli [1]. Our work is motivated by runtime verification, as so we believe that this general classification is a good basis for specifying properties. In runtime verification, a major and distinguishing feature is the interest of finite execution sequences and their val...
متن کاملMonitoring Off-the-Shelf Components
Software is being developed from off-the-shelf third party components. The interface specification of such a component may be under specified or may not fully match the user requirement. In this paper, we address the problem of customizing such components to particular users. We achieve this by constructing a monitor that monitors the component and detects any bad behaviors. Construction of suc...
متن کاملEnforcing Non-safety Security Policies with Program Monitors
We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security community is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce saf...
متن کامل