DeepAI AI Chat
Log In Sign Up

Verifying Policy Enforcers

by   Oliviero Riganelli, et al.

Policy enforcers are sophisticated runtime components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at a same time, they do not guarantee the lack of interference on the global behavior of the system. In this paper we present a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a-priori the enforcers that can co-exist at run-time. In our evaluation, we experimented our verification method with several policy enforcers for Android and discovered some incompatibilities.


page 1

page 2

page 3

page 4


Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Data hosted in a cloud environment can be subject to attacks from a high...

Formalizing the Execution Context of Behavior Trees for Runtime Verification of Deliberative Policies

Our research aims to enable automated property verification of deliberat...

A certified reference validation mechanism for the permission model of Android

Android embodies security mechanisms at both OS and application level. I...

Verifying Programs Under Custom Application-Specific Execution Models

Researchers have recently designed a number of application-specific faul...

Behavior-aware Service Access Control Mechanism using Security Policy Monitoring for SOA Systems

Service-oriented architecture (SOA) system has been widely utilized at m...

Test4Enforcers: Test Case Generation for Software Enforcers

Software enforcers can be used to modify the runtime behavior of softwar...

MAVERICK: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime

Safety and security issues in programmable IoT systems are still a press...