Aspect-Oriented Runtime Monitor Certification

Hamlen, Kevin W.; Jones, Micah; Sridhar, Meera

doi:10.1007/978-3-642-28756-5_10

Cited by 11 publications

(14 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AOP allows such implementations to be consolidated as aspects, which consist of (1) pointcuts-expressions that identify join points (sites throughout the rest of the code) that are relevant to the cross-cutting concern-and (2) advice consisting of code that modifies each join point to implement the concern. Prior work has recognized that such aspects are an elegant means of expressing RMs [16]- [20]. In such contexts, the pointcuts identify security-relevant program operations, and the advice introduces guard code that secures each such operation.…”

Section: B Aspect-oriented Programmingmentioning

confidence: 99%

Vigiles: Fine-Grained Access Control for MapReduce Systems

Ulusoy

Kantarcıoğlu

Pattuk

et al. 2014

2014 IEEE International Congress on Big Data

View full text Add to dashboard Cite

Abstract-Security concerns surrounding the rise of Big Data systems have stimulated myriad new Big Data security models and implementations over the past few years. A significant disadvantage shared by most of these implementations is that they customize the underlying system source code to enforce new policies, making the customizations difficult to maintain as these layers evolve over time (e.g., over version updates).This paper demonstrates how a broad class of safety policies, including fine-grained access control policies at the level of keyvalue data pairs rather than files, can be elegantly enforced on MapReduce clouds with minimal overhead and without any change to the system or OS implementations. The approach realizes policy enforcement as a middleware layer that rewrites the cloud's front-end API with reference monitors. After rewriting, the jobs run on input data authorized by fine-grained access control policies, allowing them to be safely executed without additional system-level controls. Detailed empirical studies show that this more modular approach exhibits just 1% overhead compared to a less modular implementation that customizes MapReduce directly to enforce the same policies.

show abstract

Section: B Aspect-oriented Programmingmentioning

confidence: 99%

Vigiles: Fine-Grained Access Control for MapReduce Systems

Ulusoy

Kantarcıoğlu

Pattuk

et al. 2014

2014 IEEE International Congress on Big Data

View full text Add to dashboard Cite

show abstract

“…Though its bytecode language is type-safe, past malware has exploited VM buffer overflows [37], implemented cross-site-scripting attacks, and performed click-jacking [38,39] to damage browsers or disrupt victim host pages. The difficulty of enforcing rich AS security policies that prevent such attacks in web environments that are aggressively heterogeneous (e.g., composed of mash-ups that mix mobile code from many mutually distrusting sources) has led to application of IRM technologies to this challenging problem domain [9,[25][26][27][28]40].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Its certifier performs a static analysis that verifies that contract-specified guard code appears at each security-relevant code point. Our past work presents model-checking as an efficient approach for verifying such IRMs without trusted guard code [26,27].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Numerous past works have developed powerful technologies for formally machine-verifying the soundness of IRMs [7,8,[25][26][27][28][29][30]. This is important for establishing high assurance, and for minimizing and stabilizing the trusted computing base (TCB) of IRM systems.…”

Section: Introductionmentioning

confidence: 99%

“…• We show how prior work on verifying IRM soundness via model-checking [26,27] can be extended in a natural way to verify IRM transparency.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Hippocratic binary instrumentation: First do no harm

Sridhar

Wartell²,

Hamlen

2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

In-lined Reference Monitors (IRMs) cure binary software of security violations by instrumenting them with runtime security checks. Although over a decade of research has firmly established the power and versatility of the in-lining approach to security, its widespread adoption by industry remains impeded by concerns that in-lining may corrupt or otherwise harm intended, safe behaviors of the software it protects. Practitioners with such concerns are unwilling to adopt the technology despite its security benefits for fear that some software may break in ways that are hard to diagnose. This paper shows how recent approaches for machine-verifying the policy-compliance (soundness) of IRMs can be extended to also formally verify IRM preservation of policy-compliant behaviors (transparency). Feasibility of the approach is demonstrated through a transparency-checker implementation for Adobe ActionScript bytecode. The framework is applied to enforce security policies for Adobe Flash web advertisements and automatically verify that their policy-compliant behaviors are preserved.

show abstract