Enforcing More with Less: Formalizing Target-aware Run-time Monitors (CMU-CyLab-12-009)
Authors
Abstract
Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors. The fidelity afforded by this framework allows us to study and explicitly formulate practical constraints on policy enforcement that were often only implicit in previous models, providing a more accurate view of what can be enforced by monitoring in practice. Moreover, we introduce two definitions of enforcement, target specific and generalized, that allow us to reason about practical monitoring scenarios. Finally, we provide some meta-theoretical comparison of these definitions and we apply them to investigate policy enforcement in scenarios where the monitor designer has knowledge of the target application and show how this can be exploited for making more efficient
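To make the distinction between generalized and target-specific enforcement concrete, here is a toy model added by the editor; it is not the paper's formalism or code. It simplifies I/O automata to finite labelled transition systems, fixes one constructed safety policy ("no `send` after `read_secret`"), and invents the targets, action names and traces. A generalized monitor hooks every action; a target-aware monitor explores the joint reachable states of its target model and the policy and hooks only the actions that can ever change the policy state from such a state. The second scenario shows the cost of that optimisation: the hook set is only sound for the target it was computed from.

```python
from collections import deque
from dataclasses import dataclass

VIOLATION = "VIOLATION"


@dataclass(frozen=True)
class Automaton:
    """Finite labelled transition system standing in for an I/O automaton:
    a start state plus (state, action) -> next_state transitions."""
    start: str
    transitions: dict

    def step(self, state, action):
        return self.transitions.get((state, action))

    def actions_at(self, state):
        return {a for (s, a) in self.transitions if s == state}


# Constructed policy: no network send once a secret has been read.
# Actions the policy does not mention leave its state unchanged.
POLICY = Automaton("clean", {("clean", "read_secret"): "tainted",
                             ("tainted", "send"): VIOLATION})


def policy_step(state, action):
    nxt = POLICY.step(state, action)
    return state if nxt is None else nxt


class GeneralizedMonitor:
    """Knows nothing about the target: hooks every action and suppresses
    any that would drive the policy automaton into VIOLATION."""

    def __init__(self):
        self.pstate = POLICY.start
        self.intercepted = 0

    def handle(self, action):
        self.intercepted += 1
        nxt = policy_step(self.pstate, action)
        if nxt == VIOLATION:
            return None                 # suppress the offending action
        self.pstate = nxt
        return action


class TargetAwareMonitor(GeneralizedMonitor):
    """Hooks only actions that can change the policy state in some
    reachable joint (target, policy) state of the modelled target."""

    def __init__(self, target):
        super().__init__()
        self.hooked = self._relevant_actions(target)

    @staticmethod
    def _relevant_actions(target):
        relevant, seen = set(), {(target.start, POLICY.start)}
        queue = deque(seen)
        while queue:
            ts, ps = queue.popleft()
            for a in target.actions_at(ts):
                ps2 = policy_step(ps, a)
                if ps2 != ps:
                    relevant.add(a)
                if ps2 == VIOLATION:    # would be suppressed: policy stays put
                    ps2 = ps
                joint = (target.step(ts, a), ps2)
                if joint not in seen:
                    seen.add(joint)
                    queue.append(joint)
        return relevant

    def handle(self, action):
        if action not in self.hooked:
            return action               # passes through, never intercepted
        return super().handle(action)


def run(monitor, trace):
    """Feed a trace through a monitor; return the actions it lets out."""
    out = []
    for a in trace:
        r = monitor.handle(a)
        if r is not None:
            out.append(r)
    return out


def violates(trace):
    """True if an output trace drives POLICY into VIOLATION."""
    s = POLICY.start
    for a in trace:
        s = policy_step(s, a)
        if s == VIOLATION:
            return True
    return False


# Constructed target A: sends a heartbeat, reads a secret, then tries to send.
TARGET_A = Automaton("s0", {("s0", "send"): "s0", ("s0", "open_file"): "s1",
                            ("s1", "read_secret"): "s2", ("s2", "log"): "s2",
                            ("s2", "send"): "s3", ("s3", "close"): "s4"})
TRACE_A = ["send", "open_file", "read_secret", "log", "send", "close"]

# Constructed target C never reads secrets, so none of its actions is relevant.
TARGET_C = Automaton("c0", {("c0", "send"): "c0", ("c0", "log"): "c0"})
TRACE_NOT_C = ["read_secret", "send"]     # behaviour C's model rules out


def compare(target, trace):
    gen, aware = GeneralizedMonitor(), TargetAwareMonitor(target)
    out_gen, out_aware = run(gen, trace), run(aware, trace)
    return {"generalized": (out_gen, gen.intercepted),
            "target_aware": (out_aware, aware.intercepted),
            "hooked": sorted(aware.hooked)}


if __name__ == "__main__":
    print(compare(TARGET_A, TRACE_A))
    print(compare(TARGET_C, TRACE_NOT_C))
```

On target A both monitors emit the same output trace, but the target-aware one intercepts three actions instead of six. Running the monitor derived from target C on a trace C's model says cannot happen lets `read_secret` followed by `send` through: the saving is bought with an assumption about the target, which is exactly the practical constraint the abstract says the framework makes explicit.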
Similar resources
Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors
Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors. The fidelity afforded by t...
Enforcing Non-safety Security Policies with Program Monitors
We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security community is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce saf...
Parametric Verification of Address Space Separation (CMU-CyLab-12-001)
The address translation subsystem of operating systems, hypervisors, and virtual machine monitors must correctly enforce address space separation in the presence of adversaries. The size, and hierarchical nesting, of the data structures over which such systems operate raise challenges for automated model checking techniques to be fruitfully applied to them. We address this problem by developing...
Enforcing Conformance between Security Architecture and Implementation
Analysis at the level of a runtime architecture matches the way experts reason about security or privacy better than a purely code-based strategy. However, the architecture must still be correctly realized in the implementation. We previously developed Scholia to analyze, at compile time, communication integrity between arbitrary object-oriented code, and a rich, hierarchical intended runtime a...
Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration (CMU-CyLab-08-009)
Signature-based input filtering is an important and widely deployed defense. But current signature generation methods have limited coverage and the generated signatures can be easily evaded by an attacker with small variations of the exploit message. In this paper, we propose protocol-level constraint-guided exploration, a new approach towards generating high coverage vulnerability-based signat...