Program monitoring in a mandatory-results model

Author

Srikar Reddy Reddy, University of South Florida

Graduation Year

2009

Document Type

Thesis

Degree

M.S.C.S.

Degree Granting Department

Computer Science

Major Professor

Jay Ligatti, Ph.D.

Keywords

Security policies, Safety, Liveness, Security automata, Policy enforcement

Abstract

In many real enforcement systems, a security-relevant action must return a result before the application program that invoked that action can continue to execute. However, current models of runtime mechanisms do not capture this requirement on results being returned to application programs; current models are limited to reasoning about policies and enforcement in terms of actions alone, without considering the results of those actions. This thesis presents a more general model of runtime policy enforcement in which all actions return (possibly void- or unit-type) results. This mandatory-results model more accurately reflects the capabilities and limitations of real enforcement mechanisms, particularly those mechanisms that operate by monitoring function/method invocations. We analyze the new model to show that result-returning runtime monitors enforce a strict superset of the safety policies, including some nontrivial liveness policies.

Scholar Commons Citation

Reddy, Srikar Reddy, "Program monitoring in a mandatory-results model" (2009). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/2161