Proceedings of the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014); pages 224-234; Hong Kong; November 16-22, 2014.
Policy weaving is a program transformation method that rewrites a program so that it is guaranteed to be safe with respect to a stateful security policy. It utilizes static analysis to identify points in the program at which policy violations might occur, and runtime checks inserted at such points to monitor policy state and prevent violations from occurring. The promise of policy weaving stems from the possibility of blending the best aspects of static and dynamic analysis components. Therefore, a successful instantiation requires careful balance and coordination between the two.
Code: [ JAMScript and JAMWeaver ] (Implementation certified by the FSE'14 artifact evaluation committee)
Video: [ YouTube ]
DOI: [ 10.1145/2635868.2635907 ]