Abstract
We extend the range of security policies that can be guaranteed with proof-carrying code from the classical type safety, control safety, memory safety, and space/time guarantees to more general security policies, such as general resource and access control. We do so by means of (1) a specification logic for security policies, which is the past-time fragment of LTL, and (2) a synthesis algorithm generating reference monitor code and accompanying proof objects from formulae of the specification logic. To evaluate the feasibility of our approach, we developed a prototype implementation producing proofs in Isabelle/HOL.
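The monitor half of the approach can be illustrated without the proof objects: a past-time LTL formula is evaluated step by step, and the only state the monitor carries is the previous step's value of each subformula. The following is an added example and is not code from the paper or its Isabelle/HOL prototype; the tuple encoding of formulae, the `write -> (not close) S open` access policy and the traces are constructed for illustration.

```python
from typing import Dict, List, Optional, Set, Tuple

# Past-time LTL formula as nested tuples: ("atom", p), ("not", f), ("and", f, g),
# ("implies", f, g), ("prev", f), ("since", f, g).  once f = ("since", TRUE, f) and
# hist f = not once (not f) are derived, so the monitor needs no extra cases.
Formula = Tuple
TRUE = ("not", ("atom", "__false__"))   # constant true: the atom is never in a state

class PLTLMonitor:
    # The only state carried between steps is the previous value of each subformula.
    def __init__(self, formula: Formula) -> None:
        self.formula = formula
        self.prev: Dict[Formula, bool] = {}   # subformula values at step i-1
        self.at_start = True                  # no previous step exists yet

    def step(self, state: Set[str]) -> bool:
        # Consume one state (the set of true atoms); return the formula's value now.
        cur: Dict[Formula, bool] = {}
        result = self._eval(self.formula, state, cur)
        self.prev, self.at_start = cur, False
        return result

    def _eval(self, f: Formula, state: Set[str], cur: Dict[Formula, bool]) -> bool:
        if f in cur:
            return cur[f]
        op = f[0]
        args = [self._eval(g, state, cur) for g in f[1:] if isinstance(g, tuple)]
        if op == "atom":      v = f[1] in state
        elif op == "not":     v = not args[0]
        elif op == "and":     v = args[0] and args[1]
        elif op == "implies": v = (not args[0]) or args[1]
        elif op == "prev":    v = (not self.at_start) and self.prev.get(f[1], False)
        elif op == "since":   # g or (f and previously(f S g)); false before the trace starts
            v = args[1] or (args[0] and not self.at_start and self.prev.get(f, False))
        else:
            raise ValueError(f"unknown operator {op!r}")
        cur[f] = v
        return v

def first_violation(policy: Formula, trace: List[Set[str]]) -> Optional[int]:
    # Index of the first step at which the policy is violated, or None.
    mon = PLTLMonitor(policy)
    for i, state in enumerate(trace):
        if not mon.step(state):
            return i
    return None

# Hypothetical policy: write only if opened and not closed since: write -> (not close) S open
WRITE_AFTER_OPEN = ("implies", ("atom", "write"),
                    ("since", ("not", ("atom", "close")), ("atom", "open")))
OK_TRACE = [{"open"}, {"write"}, {"read"}, {"write"}, {"close"}]   # constructed
BAD_TRACE = [{"open"}, {"write"}, {"close"}, {"write"}]            # constructed: violation at 3
```

Because every operator is defined in terms of the current state and the previous step only, the monitor is finite-state, which is what makes the synthesised code amenable to the kind of correctness proof the paper generates.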
© 2007 Springer Berlin Heidelberg
Cite this paper
Winwood, S., Klein, G., Chakravarty, M.M.T. (2007). On the Automated Synthesis of Proof-Carrying Temporal Reference Monitors. In: Puebla, G. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2006. Lecture Notes in Computer Science, vol 4407. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71410-1_9
DOI: https://doi.org/10.1007/978-3-540-71410-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71409-5
Online ISBN: 978-3-540-71410-1