Verifying Policy Enforcers
Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, Yliès Falcone

TL;DR
This paper introduces a verification strategy to detect and prevent interference among multiple policy enforcers in software systems, ensuring their safe coexistence at runtime.
Contribution
We propose a novel verification approach that identifies potential conflicts between sets of policy enforcers before deployment.
Findings
Discovered incompatibilities among Android policy enforcers
Verified the effectiveness of the method in predicting enforcer interference
Enhanced safety in runtime policy enforcement
Abstract
Policy enforcers are sophisticated runtime components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed by focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at the same time, they do not guarantee the absence of interference on the global behavior of the system. In this paper, we present a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a priori the enforcers that can coexist at runtime. In our evaluation, we…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Software Testing and Debugging Techniques
