Generating in-line monitors for Rabin automata

Abstract

A promising solution to the problem of securing potentially malicious mobile code lies in the use of program monitors. Such monitors can be in-lined into an untrusted program to produce an instrumented code that provably satisfies the security policy. It is well known that enforcement mechanisms based on Schneider's security automata only enforce safety properties [1]. Yet subsequent studies show that a wider range of properties than those implemented so far could be enforced using monitors. In this paper, we present an approach to produce a model of an instrumented program from a security requirement represented by a Rabin automaton and a model of the program. Based on an a priori knowledge of the program behavior, this approach allows to enforce, in some cases, more than safety properties. We provide a theorem stating that a truncation enforcement mechanism considering only the set of possible executions of a specific program is strictly more powerful than a mechanism considering all the executions over an alphabet of actions. © Springer-Verlag 2009.