Yliès Falcone, Jean-Claude Fernandez, Laurent Mounier
Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties (2008)
TR-2008-7.pdf
Keywords: enforcement, property, runtime monitoring, safety-progress
Abstract: Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous work on this topic in several directions. First, we propose a generic notion of enforcement monitor based on a memory device and finite sets of control states and enforcement operations. Second, we specify the enforcement abilities of such monitors w.r.t. the general safety-progress classification of properties, which allows a fine-grained characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.
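To make the ingredients named in the abstract concrete, here is an added illustrative enforcement monitor in Python. It is not code from the technical report and does not reproduce its synthesis from Streett automata; the operation names (off, store, dump, halt), the two toy properties and the event names are assumptions chosen for illustration. The monitor has a finite set of control states, a memory device (a FIFO of withheld events) and a small set of enforcement operations applied to each incoming event. A safety property ("no write after close") is enforced by halting at the violating event, so the output is the longest correct prefix; a response property ("every req is eventually acked") is enforced by storing events from a req until its ack arrives and then dumping the stored segment, so a req that is never acked is never released.

```python
"""Illustrative runtime enforcement monitor (added example, not the paper's
construction). Operation names and example properties are assumptions."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Iterable, List, Tuple

# Enforcement operations the monitor may apply to the current event:
#   "off"   -- forward the event immediately (used only when memory is empty)
#   "store" -- withhold the event in memory, emit nothing yet
#   "dump"  -- withhold the event, then release the whole memory in order
#   "halt"  -- drop the event and forward nothing from now on
Op = str
# A transition function maps (control state, event) to (next state, operation).
Delta = Callable[[str, str], Tuple[str, Op]]


@dataclass
class EnforcementMonitor:
    initial: str
    delta: Delta
    state: str = field(init=False)
    memory: Deque[str] = field(default_factory=deque)  # the memory device
    halted: bool = field(init=False, default=False)

    def __post_init__(self) -> None:
        self.state = self.initial

    def step(self, event: str) -> List[str]:
        """Consume one event and return the events released to the output."""
        if self.halted:
            return []
        self.state, op = self.delta(self.state, event)
        if op == "off":
            # Forwarding directly while events are withheld would reorder the
            # output, so delta must only answer "off" with an empty memory.
            assert not self.memory, "off requires an empty memory"
            return [event]
        if op == "store":
            self.memory.append(event)
            return []
        if op == "dump":
            self.memory.append(event)
            released = list(self.memory)
            self.memory.clear()
            return released
        if op == "halt":
            self.halted = True
            return []
        raise ValueError(f"unknown enforcement operation {op!r}")


def enforce(initial: str, delta: Delta, trace: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Run the monitor over a trace; return (released output, events still withheld)."""
    monitor = EnforcementMonitor(initial, delta)
    output: List[str] = []
    for event in trace:
        output.extend(monitor.step(event))
    return output, list(monitor.memory)


# Safety property (assumed example): a closed handle must never be written.
def no_write_after_close(state: str, event: str) -> Tuple[str, Op]:
    if state == "open" and event == "close":
        return "closed", "off"
    if state == "closed" and event == "write":
        return "violated", "halt"   # violation is irremediable: cut the trace here
    return state, "off"


# Response property (assumed example): every "req" must be followed by an "ack".
def every_req_acked(state: str, event: str) -> Tuple[str, Op]:
    if state == "idle" and event == "req":
        return "pending", "store"   # withhold until the obligation is met
    if state == "pending" and event == "ack":
        return "idle", "dump"       # obligation met: release the stored segment
    if state == "pending":
        return "pending", "store"
    return "idle", "off"


if __name__ == "__main__":
    # Constructed sample traces.
    print(enforce("open", no_write_after_close, ["open", "write", "close", "write", "read"]))
    print(enforce("idle", every_req_acked, ["log", "req", "work", "ack", "req", "work"]))
```

The two transition functions play the role of the finite control states; the deque is the memory device. Note the different shape of the two enforced outputs: for the safety property the monitor only ever truncates, whereas for the response property it delays events and may end the trace with a non-empty memory that is never released, which is exactly why such properties need a memory device at all.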