Runtime Enforcement With Partial Control
Raphaël Khoury, Sylvain Hallé

TL;DR
This paper generalizes the model of runtime enforcement by organizing actions in a lattice to better understand which security policies are enforceable under varying levels of monitor control.
Contribution
It introduces a lattice-based framework for classifying actions and characterizes enforceable properties under different monitor control levels.
Findings
Enforceable properties are characterized within the lattice framework.
Increased monitor control expands the set of enforceable policies.
The model relates to and extends previous enforcement theories.
Abstract
This study carries forward the line of enquiry that seeks to characterize precisely which security policies are enforceable by runtime monitors. In this regard, Basin et al. recently refined the structure that helps distinguish between those actions that the monitor can potentially suppress or insert in the execution, from those that the monitor can only observe. In this paper, we generalize this model by organizing the universe of possible actions in a lattice that naturally corresponds to the levels of monitor control. We then delineate the set of properties that are enforceable under this paradigm and relate our results to previous work in the field. Finally, we explore the set of security policies that are enforceable if the monitor is given greater latitude to alter the execution of its target, which allows us to reflect on the capabilities of different types of monitors.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Formal Methods in Verification
