Modular Program Monitors - PowerPoint PPT Presentation

1
Modular Program Monitors
  • David Walker
  • Princeton University
  • (joint work with Lujo Bauer and Jay Ligatti)

2
Program Monitors
  • A program monitor is a coroutine that runs in
    parallel with an untrusted application
      • monitors process security-relevant actions
      • decide to allow/disallow application actions
      • may terminate or suspend application execution
  • monitors detect, prevent, and recover from
    erroneous or malicious applications at run time

3
Simple Monitor Structure
  • Monitors have 3 components
      • set of security-relevant application actions
      • security state
      • computation

Access Control Monitor (diagram): a security-relevant action a flows
through the three components: actions = fopen, fclose; state = acl;
computation = acl lookup.
4
Polymer Project
  • Polymer
      • An extension of Java designed to simplify
        construction of run-time program monitors
  • Design methodology
      • A formula for producing well-structured,
        easy-to-understand, easy-to-modify monitors

5
Policy Architecture: The Problem
(layer diagram, top to bottom)
  Untrusted application
  Program Monitor Definition
  Host System (Java): Polymer language extensions over the Java core
6
Policy Architecture: Simple Policies
(layer diagram, top to bottom)
  Simple Policy Def.
  system interface
  Host System (Java): Polymer language extensions over the Java core
7
A Simple Polymer Policy
  class limitFiles extends Policy {
    private int openFiles = 0;   // private policy state, protected from
    private int maxOpen = 0;     // malicious applications

    limitFiles(int max) { maxOpen = max; }   // policy constructor
    ....
  }
8
A Simple Polymer Policy Continued
  class limitFiles extends Policy {
    private int openFiles = ...;
    private int maxOpen = ...;

    private ActionSet actions = new ActionSet(new String[] {
        "fileOpen(String)", "fileClose()" });   // set of policy-relevant methods
    ....
  }
9
A Simple Polymer Policy Continued
  class limitFiles extends Policy {
    private ActionSet actions = ...;
    private int openFiles = ...;
    private int maxOpen = ...;

    Suggestion step(Action a) {          // policy behaviour
      aswitch (a) {
        case fileOpen(String s):
          if (openFiles < maxOpen) return Suggestion.OK();
          else return Suggestion.Halt();
        case fileClose(): ...
      }
    }
  }
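The monitor structure of slide 3 and the limitFiles policy of slides 7-9, as an added example in Python. This is constructed code modelling the design, not Polymer or Java source from the talk: the Suggestion values, the Action record, the run_monitored loop and the placement of the openFiles increment are assumptions made for the example.

```python
"""Added model of the slides' monitor structure (slide 3) and the limitFiles
policy (slides 7-9). Constructed Python, not Polymer source: a policy has a
set of security-relevant actions, private state, and a step() that returns a
Suggestion; the monitor applies the suggestion before the action runs."""
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional, Tuple


class Suggestion(Enum):
    OK = "ok"      # let the action proceed
    HALT = "halt"  # terminate the application


@dataclass(frozen=True)
class Action:
    name: str         # abstract action name, e.g. "fileOpen"
    args: tuple = ()  # e.g. ("/etc/passwd",)


class LimitFiles:
    """Bound the number of simultaneously open files (the slides' limitFiles)."""

    def __init__(self, max_open: int) -> None:
        # Private policy state: the monitored application cannot reach it.
        self._open_files = 0
        self._max_open = max_open
        # Set of policy-relevant actions; everything else bypasses step().
        self.actions = frozenset({"fileOpen", "fileClose"})

    def step(self, a: Action) -> Suggestion:
        if a.name == "fileOpen":
            if self._open_files < self._max_open:
                # Assumption: the count is updated when the open is allowed;
                # the slide elides where the increment happens.
                self._open_files += 1
                return Suggestion.OK
            return Suggestion.HALT
        if a.name == "fileClose":
            # Clamp at zero so a close without a matching open cannot
            # drive the counter negative and buy extra opens.
            self._open_files = max(0, self._open_files - 1)
            return Suggestion.OK
        return Suggestion.OK  # not security-relevant to this policy


def run_monitored(policy, trace: Iterable[Action]) -> Tuple[List[Action], Optional[Action]]:
    """Run the monitor beside the application's action trace.

    Each security-relevant action is shown to the policy before it executes.
    Returns (actions that ran, the action at which the app was halted or None).
    """
    executed: List[Action] = []
    for a in trace:
        if a.name in policy.actions and policy.step(a) is Suggestion.HALT:
            return executed, a
        executed.append(a)  # OK, or not security-relevant to the policy
    return executed, None


def demo() -> Tuple[int, Optional[str]]:
    """Constructed trace: with max_open=2 a third simultaneous open is refused,
    but an open that follows a close is fine."""
    trace = [
        Action("fileOpen", ("/tmp/a",)),
        Action("fileOpen", ("/tmp/b",)),
        Action("fileClose"),
        Action("fileOpen", ("/tmp/c",)),
        Action("fileOpen", ("/tmp/d",)),  # third file held at once -> halt
        Action("fileClose"),
    ]
    ran, halted_at = run_monitored(LimitFiles(2), trace)
    return len(ran), halted_at.args[0] if halted_at else None


if __name__ == "__main__":
    print(demo())
```

Two things the slide leaves implicit are made explicit here: actions outside the policy's action set never reach step(), which is what keeps a monitor cheap on a large interface, and the close handler clamps the counter so that an application cannot call fileClose() without a prior open to earn itself extra opens.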
13
Realistic Monitors
  • Protect complex system interfaces
      • interfaces replicate functionality in many
        different places
      • method parameters communicate information in
        different forms
  • eg Java file system interface
      • 9 different methods to open files
      • 4 different methods to close files
      • filename strings, file objects, self used to
        identify files

14
Policy Architecture: Abstract Actions
(layer diagram, top to bottom)
  Simple Policy Def.
  abstract system interface
  Abstract Action Def.
  concrete system interface
  Host System (Java): Polymer language extensions over the Java core
15
Abstract Action Definitions
  concrete system interface (java.io):
    FileReader(String fileName), FileReader(File file), RandomAccessFile(...), ...
    FileReader.close(), RandomAccessFile.close(), ...
  abstract system interface:
    fileOpen(String n)
    fileClose()
16
Realistic Monitors
  • Combine simple policies defined over a variety of
    different resources
  • eg sample applet policy
      • file system access control
      • bounds on bytes written and number of files
        opened
      • restricted network access
          • no access after file system read
          • communication with applet source only

17
Policy Architecture: Complex Policies
(layer diagram, top to bottom)
  Complex, System-specific Policy: Policy Comb. Def. over Simple Policy Defs.
  abstract system interface
  Abstract Action Def.
  concrete system interface
  Host System (Java): Polymer language extensions over the Java core
18
Policy Combinators
  • Conjunction, Disjunction, Chinese wall,...

Conjunctive Policy (diagram): P1 and P2 each receive the action and
produce suggestions s1 and s2; the conjunction combines them into a
single suggestion s.
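The abstract-action layer of slide 15 and the combinator of slide 18, applied to the applet policy of slide 16, as an added example in Python. This is constructed code, not Polymer: the java.io and java.net constructors and methods named are real Java entry points, but the string form used to key them, the JFile stand-in for java.io.File, the dispatch tables, the two policies and the Conjunction class are assumptions made for the example.

```python
"""Added model of abstract actions (slide 15) and policy combinators (slides
16 and 18). Constructed Python, not Polymer code: the java.io/java.net
signatures are real entry points, but their string form, the JFile stand-in
for java.io.File, the dispatch tables and the policies are assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Iterable, List, Optional, Tuple

class Suggestion(Enum):
    OK = "ok"
    HALT = "halt"

@dataclass(frozen=True)
class Action:      # abstract action: what policies reason about
    name: str
    args: tuple = ()

@dataclass(frozen=True)
class Call:        # concrete action: what the application invokes
    signature: str
    args: tuple = ()

@dataclass(frozen=True)
class JFile:       # stand-in for java.io.File (assumption)
    path: str

# Abstract action definitions: many concrete entry points, one abstract action.
# Each opener extracts the filename from its own parameter shape (String or
# File). Three of the nine openers and two of the four closers are listed.
OPENERS: Dict[str, Callable[[tuple], str]] = {
    "java.io.FileReader.<init>(java.lang.String)": lambda a: a[0],
    "java.io.FileReader.<init>(java.io.File)": lambda a: a[0].path,
    "java.io.RandomAccessFile.<init>(java.lang.String,java.lang.String)": lambda a: a[0],
}
CLOSERS = frozenset({"java.io.FileReader.close()", "java.io.RandomAccessFile.close()"})
CONNECTORS = {"java.net.Socket.<init>(java.lang.String,int)": lambda a: a[0]}

def abstract(call: Call) -> Optional[Action]:
    """Concrete system interface -> abstract system interface (None: not policy-relevant)."""
    if call.signature in OPENERS:
        return Action("fileOpen", (OPENERS[call.signature](call.args),))
    if call.signature in CLOSERS:
        return Action("fileClose")
    if call.signature in CONNECTORS:
        return Action("netConnect", (CONNECTORS[call.signature](call.args),))
    return None

class FileACL:
    """File system access control: only allow-listed paths may be opened."""
    def __init__(self, allowed: Iterable[str]) -> None:
        self._allowed = frozenset(allowed)
    def step(self, a: Action) -> Suggestion:
        if a.name == "fileOpen" and a.args[0] not in self._allowed:
            return Suggestion.HALT
        return Suggestion.OK

class NoNetAfterRead:
    """Slide 16's applet rule: no network access once the file system was read.
    Stateful, so it must be shown every action, not only those it may refuse."""
    def __init__(self) -> None:
        self._read_fs = False
    def step(self, a: Action) -> Suggestion:
        if a.name == "fileOpen":
            self._read_fs = True
        elif a.name == "netConnect" and self._read_fs:
            return Suggestion.HALT
        return Suggestion.OK

class Conjunction:
    """P1 and P2: both are stepped on every action (keeping their states in
    sync); the action is allowed only if both suggest OK."""
    def __init__(self, p1, p2) -> None:
        self._p1, self._p2 = p1, p2
    def step(self, a: Action) -> Suggestion:
        s1, s2 = self._p1.step(a), self._p2.step(a)
        return Suggestion.OK if s1 is s2 is Suggestion.OK else Suggestion.HALT

def enforce(policy, calls: Iterable[Call]) -> Tuple[List[Call], Optional[Call]]:
    """Translate each concrete call, consult the policy, stop at the first HALT.
    Returns (calls allowed to run, the halting call or None)."""
    allowed: List[Call] = []
    for c in calls:
        a = abstract(c)
        if a is not None and policy.step(a) is Suggestion.HALT:
            return allowed, c
        allowed.append(c)
    return allowed, None

def applet_demo() -> Tuple[int, Optional[str]]:
    """Constructed trace: opening an allow-listed file via a File object passes
    the ACL but flips NoNetAfterRead, so the later socket open is refused."""
    policy = Conjunction(FileACL(["/tmp/data.txt"]), NoNetAfterRead())
    trace = [
        Call("java.io.FileReader.<init>(java.io.File)", (JFile("/tmp/data.txt"),)),
        Call("java.io.FileReader.close()"),
        Call("java.net.Socket.<init>(java.lang.String,int)", ("example.org", 80)),
    ]
    allowed, halted_at = enforce(policy, trace)
    return len(allowed), halted_at.signature if halted_at else None
```

The point of the translation layer is that neither policy mentions FileReader, RandomAccessFile or File objects: adding a tenth way to open a file means one more entry in OPENERS, not a change to every policy. The conjunction steps both policies even when the first one halts; a combinator that short-circuited would leave the second policy's state (here the read-the-file-system flag) out of date if the halt were ever relaxed.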
19
Related Work
  • Aspect-oriented programming
      • New Polymer features: first-class suggestions,
        abstract actions, action patterns, policy
        combinators, policy architecture, formal semantics
  • Monitoring languages
      • Poet and Pslang, Naccio, Ariel, Spin Kernel
  • Logical monitoring specifications
      • MAC (temporal logic), Bigwig (second-order
        monadic logic)

20
Summary: Polymer
  • First steps towards the design of a modern
    language for programming modular run-time
    security monitors
  • For software releases and papers see
    www.cs.princeton.edu/sip/projects/polymer/

21
End