Authors: Raphaël Khoury; Nadia Tawbi
Addresses: Department of Computer Science and Mathematics, Université du Québec à Chicoutimi, Quebec City, Canada ' Department of Computer Science and Software Engineering, Laval University, Quebec City, Canada
Abstract: Runtime monitoring is a widely used approach for the enforcement of security policies. It allows the safe execution of untrusted code by observing the execution and reacting if needed to prevent a violation of a user-defined security policy. Previous studies have determined that the set of security properties enforceable by monitors is greatly extended by giving the monitor some licence to transform its target execution. In this study, we present a new framework to model and study the behaviour of such monitors. In order to assure that the enforcement is meaningful, we bound the monitor's ability to transform the target execution by a restriction stating that any transformation must preserve equivalence between the monitor's input and output. We proceed by giving examples of meaningful equivalence relations and identify the security policies that are enforceable with their use. We also relate our work to previous work in this field. Finally, we investigate how an a priori knowledge of the target program's behaviour would increase the monitor's enforcement power.
Keywords: dynamic analysis; runtime monitoring; enforceable properties; security properties; corrective enforcement; equivalence preservation; modelling; meaningful equivalence relations; security policies; untrusted code.
International Journal of Information and Computer Security, 2015 Vol.7 No.2/3/4, pp.113 - 139
Accepted: 18 Nov 2014
Published online: 12 Nov 2015 *