Abstract
Program monitoring is a well-established and efficient approach to security policy enforcement. An implementation of program monitoring that is particularly appealing for application-level policy enforcement is monitor inlining: the application is rewritten to push monitoring and policy enforcement code into the application itself. The intention is that the inserted code enforces compliance with the policy (security), and otherwise interferes with the application as little as possible (conservativity and transparency). For sequential Java-like languages, provably correct inlining algorithms have been proposed, but for the multithreaded setting, this is still an open problem. We show that no inliner for multithreaded Java can be both secure and transparent. It is however possible to identify a broad class of policies for which all three correctness criteria can be obtained. We propose an inliner that is correct for such policies, implement it for Java, and show that it is practical by reporting on some benchmarks. © 2009 Springer Berlin Heidelberg.
Cite
CITATION STYLE
Dam, M., Jacobs, B., Lundblad, A., & Piessens, F. (2009). Security monitor inlining for multithreaded java. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5653 LNCS, pp. 546–569). https://doi.org/10.1007/978-3-642-03013-0_25
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
