ConSpec – A Formal Language for Policy Specification

Aktug, Irem; Naliuka, Katsiaryna

doi:10.1016/j.entcs.2007.10.013

Cited by 53 publications

(38 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…JavaMOP supports several other logics, via a plugin mechanism, and slices are assigned categories, which can be match/fail or taken from some other set. Because slices are analyzed independently, it not possible to express examples such as (1) and (4), which use an unbounded number of register assignments.…”

Section: Related Workmentioning

confidence: 99%

“…1 In the latter case, we aspire to reason at runtime about particular shapes of dynamically allocated data-structures irrespectively of their size. For example, checking "the shape of the list should not contain cycles" (1) for lists of any size and in a finite way, requires two activities. First, being able to change the value of the variables in the specification while traversing the list (re-binding).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Runtime Verification Based on Register Automata

Grigore

Distefano

Petersen

et al. 2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We propose TOPL automata as a new method for runtime verification of systems with unbounded resource generation. Paradigmatic such systems are object-oriented programs which can dynamically generate an unbounded number of fresh object identities during their execution. Our formalism is based on register automata, a particularly successful approach in automata over infinite alphabets which administers a finite-state machine with boundedly many inputstoring registers. We show that TOPL automata are equally expressive to register automata and yet suitable to express properties of programs. Compared to other runtime verification methods, our technique can handle a class of properties beyond the reach of current tools. We show in particular that properties which require value updates are not expressible with current techniques yet are naturally captured by TOPL machines. On the practical side, we present a tool for runtime verification of Java programs via TOPL properties, where the trade-off between the coverage and the overhead of the monitoring system is tunable by means of a number of parameters. We validate our technique by checking properties involving multiple objects and chaining of values on large open source projects.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Runtime Verification Based on Register Automata

Grigore

Distefano

Petersen

et al. 2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…In particular, we present here a possible extension of our framework for treating parameterized systems; we have developed a synthesis tool in the objective language O'caml 11, which given as input both a system and a security property, automatically generates a controller program. In addition, we have developed a translator from our internal representation to ConSpec 12, the security policy language used in the ambit of the S3MS European project 13. There exists a run‐time framework for enforcing security policies (controller programs in our context) for execution monitoring of Java applications on mobile devices.…”

Section: Introductionmentioning

confidence: 99%

A framework for automatic generation of security controller

Martinelli

Matteucci

2010

Software Testing Verif & Rel

View full text Add to dashboard Cite

SUMMARYThis paper concerns the study, the development and the synthesis of mechanisms for guaranteeing the security of complex systems, i.e., systems composed by several interacting components.A complex system under analysis is described as an open system, i.e., a system in which an unspecified component (a component whose behaviour is not fixed in advance) interacts with the known part of the system. Within this formal approach, we propose techniques that aim to synthesize controller programs able to guarantee that, for all possible behaviours of the unspecified component, the system should work properly, e.g., it should be able to satisfy a certain property.For performing this task, we first need to identify the set of necessary and sufficient conditions that the unspecified component has to satisfy in order to ensure that the whole system is secure. Hence, by exploiting satisfiability procedures for temporal logic, we automatically synthesize an appropriate controller program that forces the unspecified component to meet these conditions. This will ensure the security of the whole system.In particular, we contribute within the area of the enforcement of security properties by proposing a flexible and automated framework that goes beyond the definition of how a system should behave to work properly. Indeed, while the majority of related work focuses on the definition of monitoring mechanisms, we also address the synthesis problem.Moreover, we describe a tool for the synthesis of secure systems which is able to generate appropriate controller programs. This tool is also able to translate the synthesized controller programs into the ConSpec language. ConSpec programs can be actually deployed for enforcing security policies on mobile Java applications by using the run-time framework developed in the ambit of the European Project S3MS.

show abstract

“…We have also implemented a further, prototypical refinement supporting the ConSpec language [AN08], which is not an advanced-dispatching language as such but rather a language for policy enforcement. Table 1 shows the different concrete entities we implemented while mapping the different languages (AspectJ, CaesarJ, JPred, Compose*, and ConSpec) to LIAM, as well as their usage in the different language mappings.…”

Section: Existing (General-purpose) Languagesmentioning

confidence: 99%

“…In particular, the call-back can be used to integrate legacy language frontends that generate a proprietary intermediate representation of advanced-dispatching concepts, which can then be transformed to the LIAM-based intermediate representation by the importer. We have implemented two such importers: one for the AspectJ language that processes bytecode and the annotations added by the AspectJ compiler, and one for the ConSpec language [AN08] that directly processes ConSpec source code. The language developer is thus flexible with respect to the importer's inputs.…”

Section: Factorymentioning

confidence: 99%

An In-Depth Look at ALIA4J.

Bockisch¹,

Sewe²,

Yin³

et al. 2012

JOT

View full text Add to dashboard Cite

New programming languages supporting advanced modularization mechanisms are often implemented as transformations to the imperative intermediate representation of an already established language. But while their core constructs largely overlap in semantics, re-using the corresponding transformations requires re-using their syntax as well; this is limiting. In the ALIA4J approach, we identified dispatching as fundamental to most modularization mechanisms and provide a meta-model of dispatching as a rich, extensible intermediate language. Based on this meta-model, one can modularly implement the semantics of dispatchingrelated constructs. From said constructs a single execution model can then be derived which facilitates interpretation, bytecode generation, and even optimized machine-code generation. We show the suitability of our approach by mapping five popular languages to this meta-model and find that most of their constructs are shared across multiple languages. We furthermore present implementations of the three different execution strategies together with a generic visual debugger available to any ALIA4J-based language implementation. Intertwined with this paper is a tutorial-style running example that illustrates our approach.

show abstract

ConSpec – A Formal Language for Policy Specification

Cited by 53 publications

References 16 publications

Runtime Verification Based on Register Automata

Runtime Verification Based on Register Automata

A framework for automatic generation of security controller

An In-Depth Look at ALIA4J.

Contact Info

Product

Resources

About