Advertisement

Increasing the Reusability of Enforcers with Lifecycle Events

  • Oliviero Riganelli
  • Daniela Micucci
  • Leonardo MarianiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11247)

Abstract

Runtime enforcement can be effectively used to improve the reliability of software applications. However, it often requires the definition of ad hoc policies and enforcement strategies, which might be expensive to identify and implement. This paper discusses how to exploit lifecycle events to obtain useful enforcement strategies that can be easily reused across applications, thus reducing the cost of adoption of the runtime enforcement technology. The paper finally sketches how this idea can be used to define libraries that can automatically overcome problems related to applications misusing them.

Keywords

Runtime enforcement Self-healing Proactive library 

References

  1. 1.
    Apache Felix iPOJO - Lifecycle callbacks. http://tiny.cc/iyvoty
  2. 2.
    Kubernetes - Container Lifecycle Hooks. http://tiny.cc/k9voty
  3. 3.
    OSGi - Life Cycle Layer. http://tiny.cc/k9voty
  4. 4.
    OSGi Alliance - The Dynamic Module System for Java. https://www.osgi.org
  5. 5.
    React - A JavaScript library for building user interfaces. http://tiny.cc/iyvoty
  6. 6.
  7. 7.
    Spring - Customizing the nature of a bean. http://tiny.cc/rs2oty
  8. 8.
  9. 9.
  10. 10.
    Bielova, N., Massacci, F.: Do you really mean what you actually enforced? Int. J. Inf. Secur. (IS) 10(4), 239–254 (2011)CrossRefGoogle Scholar
  11. 11.
    Falcone, Y., Currea, S., Jaber, M.: Runtime verification and enforcement for android applications with RV-Droid. In: Qadeer, S., Tasiran, S. (eds.) RV 2012. LNCS, vol. 7687, pp. 88–95. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-35632-2_11CrossRefGoogle Scholar
  12. 12.
    Falcone, Y., Fernandez, J.C., Mounier, L.: What can you verify and enforce at runtime? Int. J. Softw. Tools Technol. Transfer 14(3), 349–382 (2012)CrossRefGoogle Scholar
  13. 13.
    Hallé, S., Ettema, T., Bunch, C., Bultan, T.: Eliminating navigation errors in web applications via model checking and runtime enforcement of navigation state machines. In: Proceedings of the International Conference on Automated Software Engineering (ASE) (2010)Google Scholar
  14. 14.
    Hou, D., Li, L.: Obstacles in using frameworks and APIs: an exploratory study of programmers’ newsgroup discussions. In: Proceedings of the International Conference on Program Comprehension (ICPC) (2011)Google Scholar
  15. 15.
    Kumar, A., Ligatti, J., Tu, Y.-C.: Query monitoring and analysis for database privacy - a security automata model approach. In: Wang, J., et al. (eds.) WISE 2015. LNCS, vol. 9419, pp. 458–472. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26187-4_42CrossRefGoogle Scholar
  16. 16.
    Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1), 2–16 (2005)CrossRefGoogle Scholar
  17. 17.
    Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 19:1–19:39 (2009)CrossRefGoogle Scholar
  18. 18.
    Riganelli, O., Micucci, D., Mariani, L.: Healing data loss problems in android apps. In: Proceedings of the International Workshop on Software Faults (IWSF), Co-located with ISSRE (2016)Google Scholar
  19. 19.
    Riganelli, O., Micucci, D., Mariani, L.: Policy enforcement with proactive libraries. In: Proceedings of the 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (2017)Google Scholar
  20. 20.
    Riganelli, O., Micucci, D., Mariani, L., Falcone, Y.: Verifying policy enforcers. In: Lahiri, S., Reger, G. (eds.) RV 2017. LNCS, vol. 10548, pp. 241–258. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-67531-2_15CrossRefGoogle Scholar
  21. 21.
    Wang, W., Godfrey, M.W.: Detecting API usage obstacles: a study of ios and android developer questions. In: Proceedings of the Working Conference on Mining Software Repositories (MSR) (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Oliviero Riganelli
    • 1
  • Daniela Micucci
    • 1
  • Leonardo Mariani
    • 1
    Email author
  1. 1.University of Milano-BicoccaMilanItaly

Personalised recommendations