Certified In-lined Reference Monitoring on .NET

Hamlen, Kevin W.; Morrisett, Greg; Schneider, Fred B.

Certified In-lined Reference Monitoring on .NET

Active / Technical Report | Accession Number: ADA521437 |

Open PDF

Abstract:

Mobile is an extension of the .NET Common Intermediate Language that supports certified In-Lined Reference Monitoring. Mobile programs have the useful property that if they are welltyped with respect to a declared security policy, then they are guaranteed not to violate that security policy when executed. Thus, when an In-Lined Reference Monitor IRM is expressed in Mobile, it can be certified by a simple type-checker to eliminate the need to trust the producer of the IRM. Security policies in Mobile are declarative, can involve unbounded collections of objects allocated at runtime, and can regard infinite-length histories of security events exhibited by those objects. The prototype Mobile implementation enforces properties expressed by finite-state security automata-one automaton for each security-relevant object and can type-check Mobile programs in the presence of exceptions, finalizers, concurrency, and non-termination. Executing Mobile programs requires no change to existing .NET virtual machine implementations, since Mobile programs consist of normal managed CIL code with extra typing annotations stored in .NET attributes.

Author(s):

Hamlen, Kevin W. ; Morrisett, Greg ; Schneider, Fred B.

Author Organization(s):

CORNELL UNIV ITHACA NY DEPT OF COMPUTER SCIENCE

Descriptive Note:

Conference paper

Supplementary Note:

Presented at the 2006 Programming Languages and Analysis for Security Workshop held in Ottawa, Ontario, Canada on 10 June 2006. Published in the Proceedings of the 2006 Programming Languages and Analysis for Security Workshop, p7-16, 2006. Sponsored in part by National Science Foundation (NSF) grants 0430161 and CCF-0424422. U.S. Government or Federal Rights License. The original document contains color images.

Pagination:

0011

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Contract/Grant Number(s):

FA9620-03-1-0156, N00014-01-1-0968

Monitor Series:

AFOSR

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_1_Force Support; JCA_6_Net Centric; JCA_1.3_Human Capital Management; JCA_1.3.2_Personnel Management; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_1.2_Force Preparation; JCA_6.1_Information Transport; JCA_1.2.3_Educating; JCA_6.4.1_Secure Information Exchange; JCA_6.2_Enterprise Services; JCA_6.4_Information Assurance; JCA_8_Building Partnerships

Modernization Areas:

AI and Machine Learning

Communities of Interest:

Energy and Power Technologies

Descriptor(s):

*SOFTWARE ENGINEERING, DATA TRANSMISSION SECURITY, SYMPOSIA, INTERNET, COMPUTER PROGRAMS, REPRINTS

Field(s)/Group(s):

Computer Programming and Software, Computer Systems Management and Standards, Command, Control and Communications Systems

Keyword(s):

IRM(IN LINED REFERENCE MONITOR), CIL CODES

Report Date:

2006 Jun 01

Creation Date:

2010 Jun 16