Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modular Program Monitors David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)

Published byHorace Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "Modular Program Monitors David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)"— Presentation transcript:

1 Modular Program Monitors David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)

2 Modular Run-time Program MonitorsDavid Walker Program Monitors A program monitor is a coroutine that runs in parallel with an untrusted application –monitors process security-relevant actions decide to allow/disallow application actions may terminate or suspend application execution –monitors detect, prevent, and recover from erroneous or malicious applications at run time

3 Modular Run-time Program MonitorsDavid Walker Simple Monitor Structure Monitors have 3 components –set of security-relevant application actions –security state –computation a Access Control Monitor fopen fclose actions acl state computation acl lookup

4 Modular Run-time Program MonitorsDavid Walker Polymer Project Polymer –An extension of Java designed to simplify construction of run-time program monitors Design methodology –A formula for producing well-structured, easy-to-understand, easy-to-modify monitors

5 Modular Run-time Program MonitorsDavid Walker Policy Architecture: The Problem Java core Polymer language extensions Host System (Java) Program Monitor Definition Untrusted application

6 Modular Run-time Program MonitorsDavid Walker Policy Architecture: Simple Policies Java core Polymer language extensions Host System (Java) Simple Policy Def. system interface

7 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private int openFiles = 0; private int maxOpen = 0; limitFiles(int max) { maxOpen = max; }.... } A Simple Polymer Policy private policy state, protected from malicious applications policy constructor

8 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private int openFiles =... private int maxOpen =... private ActionSet actions = new ActionSet( new String[] {“fileOpen(String)”, “fileClose()”} );.... } A Simple Polymer Policy Continued set of policy- relevant methods

9 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private ActionSet actions =... private int openFiles =... private int maxOpen =... Suggestion step(Action a) { aswitch (a) { case fileOpen(String s) : if (++openFiles <= maxOpen) return Suggestion.OK(); else return Suggestion.Halt(); case fileClose() :... A Simple Polymer Policy Continued policy behaviour

10 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private ActionSet actions =... private int openFiles =... private int maxOpen =... Suggestion step(Action a) { aswitch (a) { case fileOpen(String s) : if (++openFiles <= maxOpen) return Suggestion.OK(); else return Suggestion.Halt(); case fileClose() :... A Simple Polymer Policy Continued

11 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private ActionSet actions =... private int openFiles =... private int maxOpen =... Suggestion step(Action a) { aswitch (a) { case fileOpen(String s) : if (++openFiles <= maxOpen) return Suggestion.OK(); else return Suggestion.Halt(); case fileClose() :... A Simple Polymer Policy Continued

12 Modular Run-time Program MonitorsDavid Walker class limitFiles extends Policy { private ActionSet actions =... private int openFiles =... private int maxOpen =... Suggestion step(Action a) { aswitch (a) { case fileOpen(String s) : if (++openFiles <= maxOpen) return Suggestion.OK(); else return Suggestion.Halt(); case fileClose() :... A Simple Polymer Policy Continued

13 Modular Run-time Program MonitorsDavid Walker Realistic Monitors Protect complex system interfaces –interfaces replicate functionality in many different places –method parameters communicate information in different forms –eg: Java file system interface 9 different methods to open files 4 different methods to close files filename strings, file objects, self used to identify files

14 Modular Run-time Program MonitorsDavid Walker Policy Architecture: Abstract Actions Java core Polymer language extensions Host System (Java) Abstract Action Def. concrete system interface abstract system interface Simple Policy Def.

15 Modular Run-time Program MonitorsDavid Walker Abstract Action Definitions java.lang.io FileReader(String fileName); FileReader(File file); RandomAccessFile(...);... FileReader.close(); RandomAccessFile.close();... fileOpen(String n); fileClose();

16 Modular Run-time Program MonitorsDavid Walker Realistic Monitors Combine simple policies defined over a variety of different resources –eg: sample applet policy file system access control bounds on bytes written and number of files opened restricted network access –no access after file system read –communication with applet source only

17 Modular Run-time Program MonitorsDavid Walker Policy Architecture: Complex Policies Java core Polymer language extensions Host System (Java) Abstract Action Def. Simple Policy Def. Policy Comb. Def. Complex, System-specific Policy concrete system interface abstract system interface

18 Modular Run-time Program MonitorsDavid Walker Policy Combinators Conjunction, Disjunction, Chinese wall,... s1 s2 Conjunctive Policy P1P2  s

19 Modular Run-time Program MonitorsDavid Walker Related Work Aspect-oriented programming –New polymer features: first-class suggestions, abstract actions, action patterns, policy combinators, policy architecture, formal semantics Monitoring languages Poet and Pslang, Naccio, Ariel, Spin Kernel Logical monitoring specifications MAC (temporal logic), Bigwig (second-order monadic logic)

20 Modular Run-time Program MonitorsDavid Walker Summary: Polymer First steps towards the design of a modern language for programming modular run- time security monitors For future software releases & papers see –www.cs.princeton.edu/sip/projects/polymer/

21 Modular Run-time Program MonitorsDavid Walker End

Download ppt "Modular Program Monitors David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)"

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
1 Composing Security Policies with Polymer Jay Ligatti (Princeton); joint work with: Lujo Bauer (CMU), David Walker (Princeton)

1 Composing Security Policies with Polymer Jay Ligatti (Princeton); joint work with: Lujo Bauer (CMU), David Walker (Princeton)
Operating System Structures

Operating System Structures
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
08/03/071/41 Polymer: A Language and System for Specifying Complex, Modular Run-time Policies Jay Ligatti, University of South Florida Joint work with:

08/03/071/41 Polymer: A Language and System for Specifying Complex, Modular Run-time Policies Jay Ligatti, University of South Florida Joint work with:
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
H28.1 6-Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.

H Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)

An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
1 Extensible Security Architectures for Java Authors: Dan S.Wallch, Dirk Balfanz Presented by Moonjoo Kim.

1 Extensible Security Architectures for Java Authors: Dan S.Wallch, Dirk Balfanz Presented by Moonjoo Kim.
Software Security Monitors: Theory & Practice David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)

Software Security Monitors: Theory & Practice David Walker Princeton University (joint work with Lujo Bauer and Jay Ligatti)
Introduction to Java Programming

Introduction to Java Programming
Principles of Object-Oriented Software Development The language Java.

Principles of Object-Oriented Software Development The language Java.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Satzinger, Jackson, and Burd Object-Orieneted Analysis & Design

Satzinger, Jackson, and Burd Object-Orieneted Analysis & Design
More Enforceable Security Policies Lujo Bauer, Jay Ligatti and David Walker Princeton University (graciously presented by Iliano Cervesato)

More Enforceable Security Policies Lujo Bauer, Jay Ligatti and David Walker Princeton University (graciously presented by Iliano Cervesato)
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Scott Grissom, copyright 2004Ch 3: Java Features Slide 1 Why Java? It is object-oriented provides many ready to use classes platform independent modern.

Scott Grissom, copyright 2004Ch 3: Java Features Slide 1 Why Java? It is object-oriented provides many ready to use classes platform independent modern.
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.

Similar presentations

Ads by Google