|Title:||The Specification and Compilation of Obligation Policies for Program Monitoring|
|Keywords:||Extensible software system|
|Abstract:||The core component of an extensible software system must protect its resources from being abused by untrusted software extensions. The access control policies of extensible software systems are traditionally enforced by some form of reference monitors. Recent studies of access control policies advocate the use of obligation policies, which impose behavioural constraints on the future actions of the accessor even after the access is granted. It is argued that obligation policies provide continuous protection to the system. We envision the workflow of developing an obligation policy for program monitoring to involve three stages: specification, implementability check and implementation. In this work, we develop a series of tools to facilitate each stage of the workflow. First, we propose a policy language for formulating obligation policies. Second, we devise a type system for syntactically identifying if an obligation policy is enforceable or not. The type checker guides the policy developer in refining an obligation policy into an enforceable one. Finally, we design a compilation algorithm, which compiles well-typed obligation policies to a representation of reference monitors, called Obligation Monitor (OM). The OM is designed to facilitate monitor inlining.|
|Appears in Collections:||Fong, Philip|