Skip to main content
Conference ProceedingsOPEN ACCESS

Micro-policies: Formally verified, tag-based security monitors

Proceedings - IEEE Symposium on Security and Privacy (2015) 2015-July 813-830
DOI: 10.1109/SP.2015.55
35Citations
Citations of this article
79Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level 'symbolic machine' and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety, in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy's rules embodies a high-level specification characterizing a useful security property. Last, we show how the symbolic machine itself can be implemented in terms of a hardware rule cache and a software controller.

Cite

CITATION STYLE

APA

De Amorim, A. A., Dénès, M., Giannarakis, N., Hriţcu, C., Pierce, B. C., Spector-Zabusky, A., & Tolmach, A. (2015). Micro-policies: Formally verified, tag-based security monitors. In Proceedings - IEEE Symposium on Security and Privacy (Vol. 2015-July, pp. 813–830). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SP.2015.55

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free