The Specification and Compilation of Obligation Policies for Program Monitoring
| dc.contributor.author | Xu, Cheng | eng |
| dc.contributor.author | Fong, Philip | eng |
| dc.date.accessioned | 2012-03-26T17:20:16Z | |
| dc.date.available | 2012-03-26T17:20:16Z | |
| dc.date.issued | 2012-03-26T17:20:16Z | |
| dc.description.abstract | The core component of an extensible software system must protect its resources from being abused by untrusted software extensions. The access control policies of extensible software systems are traditionally enforced by some form of reference monitors. Recent studies of access control policies advocate the use of obligation policies, which impose behavioural constraints on the future actions of the accessor even after the access is granted. It is argued that obligation policies provide continuous protection to the system. We envision the workflow of developing an obligation policy for program monitoring to involve three stages: specification, implementability check and implementation. In this work, we develop a series of tools to facilitate each stage of the workflow. First, we propose a policy language for formulating obligation policies. Second, we devise a type system for syntactically identifying if an obligation policy is enforceable or not. The type checker guides the policy developer in refining an obligation policy into an enforceable one. Finally, we design a compilation algorithm, which compiles well-typed obligation policies to a representation of reference monitors, called Obligation Monitor (OM). The OM is designed to facilitate monitor inlining. | eng |
| dc.description.refereed | No | eng |
| dc.identifier.department | 2011-996-08 | eng |
| dc.identifier.doi | http://dx.doi.org/10.11575/PRISM/30606 | |
| dc.identifier.uri | http://hdl.handle.net/1880/48922 | |
| dc.language.iso | eng | eng |
| dc.publisher.corporate | University of Calgary | eng |
| dc.publisher.faculty | Science | eng |
| dc.subject | Extensible software system | eng |
| dc.subject.other | Access control policies, Program monitoring | eng |
| dc.title | The Specification and Compilation of Obligation Policies for Program Monitoring | eng |
| dc.type | technical report | eng |
| thesis.degree.discipline | Computer Science | eng |