Formally Verified, Tag-Based Security Monitors
نویسندگان
چکیده
Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level “symbolic machine,” and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety; in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy’s rules embodies a high-level specification characterizing a useful security property. Last, we show how the symbolic machine itself can be implemented in terms of a hardware rule cache and a software controller.
منابع مشابه
Formally-Based Black-Box Monitoring of Security Protocols
In the challenge of ensuring the correct behaviour of legacy implementations of security protocols, a formally-based approach is presented to design and implement monitors that stop insecure protocol runs executed by such legacy implementations, without the need of their source code. We validate the approach at a case study about monitoring several SSL legacy implementations. Recently, a securi...
متن کاملMicro-Policies: A Framework for Verified, Tag-Based Security Monitors
Today’s computer systems are distressingly insecure, but many of their vulnerabilities can be avoided if low-level code is constrained to obey sensible safety and security properties. Ideally, such properties might be enforced statically, but for obtaining pervasive guarantees all the way to the level of running machine code it is often more practical to detect and prevent violations dynamicall...
متن کاملMicro-Policies: A Framework for Verified, Tag-Based Security Monitors
Today’s computer systems are distressingly insecure, but many of their vulnerabilities can be avoided if low-level code is constrained to obey sensible safety and security properties. Ideally, such properties might be enforced statically, but for obtaining pervasive guarantees all the way to the level of running machine code it is often more practical to detect and prevent violations dynamicall...
متن کاملAutomated Verification of Exam , Cash , Reputation , and Routing Protocols
Security is a crucial requirement in the applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications several security protocols have been developed. However, the design of complex security protocols is notoriously difficult and error-prone. Several flaws have been found on protocols that ar...
متن کاملEnforcing Non-safety Security Policies with Program Monitors
We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security community is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce saf...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015