Runtime Enforcement with Partial Control

  • Raphaël Khoury
  • Sylvain Hallé
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9482)


This study carries forward the line of enquiry that seeks to characterize precisely which security policies are enforceable by runtime monitors. In this regard, Basin et al. recently refined the model so as to distinguish the actions that the monitor can suppress from, or insert into, the execution from those that it can only observe. In this paper, we generalize this model by organizing the universe of possible actions in a lattice that naturally corresponds to the levels of monitor control. We then delineate the set of properties that are enforceable under this paradigm and relate our results to previous work in the field. Finally, we explore the set of security policies that are enforceable if the monitor is given greater latitude to alter the execution of its target, which allows us to reflect on the capabilities of different types of monitors.
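As an added illustration, not code from the paper, the following Python monitor makes the partial-control distinction in the abstract concrete. The three action classes (observable-only, suppressible, insertable) and the three safety policies are constructed for this example; they show one violation the monitor repairs by suppression, one it repairs by insertion, and one it can only detect because the offending action is outside its control.

```python
from typing import Callable, Iterable, List, Tuple

Trace = List[str]
Policy = Callable[[Trace], bool]  # safety property: True iff this prefix is still acceptable

# Action classes, constructed for this illustration (assumed, not taken from the paper).
OBSERVABLE = {"net_recv"}        # the monitor sees these but can neither block nor fake them
SUPPRESSIBLE = {"file_write"}    # the monitor may drop these from the execution
INSERTABLE = {"audit_log"}       # the monitor may add these on its own


def enforce(trace: Iterable[str], policy: Policy) -> Tuple[Trace, bool]:
    """Run a partial-control monitor over `trace`.

    Returns (output trace, enforced?). The flag turns False the moment an
    observable-only action violates the policy and no insertion can repair it;
    from then on the monitor can only observe, so the rest passes through.
    """
    out: Trace = []
    enforced = True
    for a in trace:
        if not enforced or policy(out + [a]):
            out.append(a)
            continue
        # Prefer repair by inserting a controllable action before `a` ...
        fix = next((x for x in INSERTABLE if policy(out + [x, a])), None)
        if fix is not None:
            out += [fix, a]
        elif a in SUPPRESSIBLE:       # ... otherwise drop `a` if we are allowed to
            continue
        else:                         # observable-only: the violation happens anyway
            out.append(a)
            enforced = False
    return out, enforced


def no_write_after_recv(p: Trace) -> bool:
    """Constructed policy: no file_write after a net_recv (violating action is suppressible)."""
    return not any(a == "file_write" and "net_recv" in p[:i] for i, a in enumerate(p))


def no_recv_after_write(p: Trace) -> bool:
    """Mirror policy: no net_recv after a file_write (violating action is observable-only)."""
    return not any(a == "net_recv" and "file_write" in p[:i] for i, a in enumerate(p))


def writes_are_logged(p: Trace) -> bool:
    """Every file_write must be immediately preceded by audit_log (repairable by insertion)."""
    return all(a != "file_write" or (i > 0 and p[i - 1] == "audit_log") for i, a in enumerate(p))
```

The same monitor therefore enforces the first and third policy but only detects a violation of the second, which is the kind of distinction the paper's lattice of control levels is meant to capture.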




  1. Alpern, B., Schneider, F.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (1985)
  2. Basin, D., Jugé, V., Klaedtke, F., Zalinescu, E.: Enforceable security policies revisited. ACM Trans. Inf. Syst. Secur. 16(1), 3 (2013)
  3. Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Foundations of Computer Security, Copenhagen, Denmark (2002)
  4. Beauquier, D., Pin, J.-E.: Languages and scanners. Theoret. Comput. Sci. 84(1), 3–21 (1991)
  5. Bielova, N., Massacci, F.: Do you really mean what you actually enforced? Edit automata revisited. Int. J. Inf. Secur. 10(4), 239–254 (2011)
  6. Bielova, N., Massacci, F.: Predictability of enforcement. In: Erlingsson, U., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 73–86. Springer, Heidelberg (2011)
  7. Bielova, N., Massacci, F., Micheletti, A.: Towards practical enforcement theories. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 239–254. Springer, Heidelberg (2009)
  8. Bodden, E., Lam, P., Hendren, L.J.: Partially evaluating finite-state runtime monitors ahead of time. ACM Trans. Program. Lang. Syst. 34(2), 7 (2012)
  9. Chabot, H., Khoury, R., Tawbi, N.: Extending the enforcement power of truncation monitors using static analysis. Comput. & Secur. 30(4), 194–207 (2011)
  10. Chang, E., Manna, Z., Pnueli, A.: The safety-progress classification. In: Bauer, F., Brauer, W., Schwichtenberg, H. (eds.) Logic and Algebra of Specifications. NATO ASI Series, vol. 94, pp. 143–202. Springer, Heidelberg (1991)
  11. Falcone, Y., Fernandez, J.-C., Mounier, L.: Synthesizing enforcement monitors wrt. the safety-progress classification of properties. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 41–55. Springer, Heidelberg (2008)
  12. Falcone, Y., Fernandez, J.-C., Mounier, L.: Runtime verification of safety-progress properties. In: Bensalem, S., Peled, D.A. (eds.) RV 2009. LNCS, vol. 5779, pp. 40–59. Springer, Heidelberg (2009)
  13. Fong, P.: Access control by tracking shallow execution history. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 2004
  14. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28, 175–205 (2006)
  15. Khoury, R., Hallé, S.: Runtime enforcement with partial control. Technical report, Université du Québec à Chicoutimi (2015)
  16. Khoury, R., Tawbi, N.: Using equivalence relations for corrective enforcement of security policies. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2010. LNCS, vol. 6258, pp. 139–154. Springer, Heidelberg (2010)
  17. Khoury, R., Tawbi, N.: Corrective enforcement: A new paradigm of security policy enforcement by monitors. ACM Trans. Inf. Syst. Secur. 15(2), 10:1–10:27 (2012)
  18. Khoury, R., Tawbi, N.: Which security policies are enforceable by runtime monitors? A survey. Comput. Sci. Rev. 6(1), 27–45 (2012)
  19. Kiczales, G., Hilsdale, E.: Aspect-oriented programming. SIGSOFT Softw. Eng. Notes 26(5), 313 (2001)
  20. Kim, M., Kannan, S., Lee, I., Sokolsky, O., Viswanathan, M.: Computational analysis of run-time monitoring: Fundamentals of Java-MaC. Electr. Notes Theor. Comput. Sci. 70(4), 80–94 (2002)
  21. Lamport, L.: Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. 3(2), 125–143 (1977)
  22. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1–2), 2–16 (2004)
  23. Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 1–41 (2009)
  24. Ligatti, J., Reddy, S.: A theory of runtime enforcement, with results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)
  25. Meredith, P., Roşu, G.: Runtime verification with the RV system. In: Barringer, H., et al. (eds.) RV 2010. LNCS, vol. 6418, pp. 136–152. Springer, Heidelberg (2010)
  26. Schneider, F.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
  27. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement for limited-memory systems. In: Proceedings of the PST 2006 Conference (Privacy, Security, Trust), October 2006
  28. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. In: Proceedings of FCS-ARSPA 2006 (Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis), associated with FLOC 2006 (Federated Logic Conference), August 2006
  29. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. Inf. Comput. 206(1), 158–184 (2008)

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Laboratoire d’informatique formelle, Département d’informatique et de mathématique, Université du Québec à Chicoutimi, Chicoutimi, Canada