Disambiguating aspect-oriented security policies

Jones, Micah; Hamlen, Kevin W.

doi:10.1145/1739230.1739253

Cited by 11 publications

(10 citation statements)

References 35 publications

(45 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rewriters then synthesize their own advice in order to enforce the prescribed policy. The use of declarative state-transitions instead of imperative advice facilitates formal, automated reasoning about policies without the need to reason about arbitrary code [21].…”

Section: Policy Language and Rewritermentioning

confidence: 99%

“…Verifiers for these systems can prove that the IRM system has correctly in-lined the policy-prescribed advice code but not that this advice actually enforces the desired policy. Past case studies have demonstrated that such advice is extremely difficult to write correctly, especially when the policy is intended to apply to large classes of untrusted programs rather than individual applications [21]. Moreover, in many domains, such as web ad security, policy specifications change rapidly as new attacks and vulnerabilities are discovered (cf., [23,29,30]).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Aspect-Oriented Runtime Monitor Certification

Hamlen

Jones

Sridhar

2012

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Abstract. In-lining runtime monitors into untrusted binary programs via aspect-weaving is an increasingly popular technique for efficiently and flexibly securing untrusted mobile code. However, the complexity of the monitor implementation and in-lining process in these frameworks can lead to vulnerabilities and low assurance for code-consumers. This paper presents a machine-verification technique for aspect-oriented inlined reference monitors based on abstract interpretation and modelchecking. Rather than relying upon trusted advice, the system verifies semantic properties expressed in a purely declarative policy specification language. Experiments on a variety of real-world policies and Java applications demonstrate that the approach is practical and effective.

show abstract

Section: Policy Language and Rewritermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Aspect-Oriented Runtime Monitor Certification

Hamlen

Jones

Sridhar

2012

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Formal Policy Analysis: UTD PI Hamlen is an expert in the emerging field of language-based security, which leverages techniques from programming language theory and compilers to enforce software security and policy analysis. By reducing highlevel security policy specifications and system models to the level of the denotational and operational semantics of their binary-level implementations, our past work has developed formally machine-certifiable security enforcement mechanisms of a variety of complex software systems, including those implemented in .NET [16], ActionScript [19], Java [13], and native code [31]. Working at the binary level provides extremely high formal guarantees because it permits the tool chain that produces mission-critical software components to remain untrusted; the binary code produced by the chain can be certified directly.…”

Section: Pre-processingmentioning

confidence: 99%

“…Therefore, it becomes imperative to provide guarantees that the policies are enforced in a provably correct manner. We have extensive expertise in formal policy analysis [13][14] and their enforcement via machine-certified, in-line reference monitors [15][16][17]. Such analyses will be leveraged to model and certify security properties enforced by core software components in the trusted computing base of CAISS++.…”

Section: Introductionmentioning

confidence: 99%

Cloud-Centric Assured Information Sharing

Thuraisingham

Khadilkar

Rachapalli

et al. 2012

Intelligence and Security Informatics

View full text Add to dashboard Cite

Abstract. In this paper we describe the design and implementation of cloudbased assured information sharing systems. In particular, we will describe our current implementation of a centralized cloud-based assured information sharing system and the design of a decentralized hybrid cloud-based assured information sharing system of the future. Our goal is for coalition organizations to share information stored in multiple clouds and enforce appropriate policies. IntroductionThe advent of cloud computing and the continuing movement toward software as a service (SaaS) paradigms has posed an increasing need for assured information sharing (AIS) as a service in the cloud. The urgency of this need has been voiced as recently as April 2011 by NSA CIO Lonny Anderson in describing the agency's focus on a "cloud-centric" approach to information sharing with other agencies [1]. Likewise, the DoD has been embracing cloud computing paradigms to more efficiently, economically, flexibly, and scalably meet its vision of "delivering the power of information to ensure mission success through an agile enterprise with freedom of maneuverability across the information environment" [2][3][4][5]. Both agencies therefore have a tremendous need for effective AIS technologies and tools for cloud environments. Although a number of AIS tools have been developed over the past five years for policy-based information sharing [5][6][7][8], to our knowledge none of these tools operate in the cloud and hence do not provide the scalability needed to support large numbers of users utilizing massive amounts of data. Recent prototype systems for supporting cloud-based AIS have applied cloud-centric engines that query large amounts of data in relational databases via non-cloud policy engines that enforce policies expressed in XACML [9][10]. While this is a significant improvement over prior efforts (and has given us insights into implementing cloud-based solutions), it nevertheless has at least three significant limitations. First, XACML-based policy specifications are not expressive enough to support many of the complex policies needed for AIS missions like those of the NSA and DoD. Second, to meet the scalability and efficiency requirements of mission-critical tasks, the policy engine needs to operate in the cloud rather than externally. Third, secure query processing based on relational technology has limitations in representing and processing unstructured data needed for command and control applications.

show abstract

“…• SPoX facilitated formal policy analyses, such as policy inconsistency detection and elimination, that are provably undecidable with traditional, non-declarative aspect-oriented specification approaches [12].…”

Section: Executive Summary Of Conclusionmentioning

confidence: 99%

Automated, Certified Program-rewriting for Software Security Enforcement

Hamlen¹

2012

Self Cite

View full text Add to dashboard Cite

The pubitc reporting burden for ihis collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to the Department of Defense. Executive Service Directorate (0704-0188) Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number

show abstract

Disambiguating aspect-oriented security policies

Cited by 11 publications

References 35 publications

Aspect-Oriented Runtime Monitor Certification

Aspect-Oriented Runtime Monitor Certification

Cloud-Centric Assured Information Sharing

Automated, Certified Program-rewriting for Software Security Enforcement

Contact Info

Product

Resources

About