Efficient Runtime Enforcement Techniques for Policy Weaving

Richard Joiner, Thomas Reps, Somesh Jha, Mohan Dhawan, Vinod Ganapathy.

Proceedings of the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014); pages 224-234; Hong Kong; November 16-22, 2014.

Policy weaving is a program transformation method that rewrites a program so that it is guaranteed to be safe with respect to a stateful security policy. It utilizes static analysis to identify points in the program at which policy violations might occur, and runtime checks inserted at such points to monitor policy state and prevent violations from occurring. The promise of policy weaving stems from the possibility of blending the best aspects of static and dynamic analysis components. Therefore, a successful instantiation requires careful balance and coordination between the two.

In this paper, we examine the strategy of using a combination of transactional introspection and statement indirection to implement runtime enforcement in a policy-weaving system. Transactional introspection allows the state resulting from the execution of a statement to be examined and, if the policy would be violated, suppressed. Statement indirection serves as a light-weight runtime analysis that can recognize and instrument dynamically generated code that is not available to the static analysis. These techniques can be implemented via static rewriting so that all possible program executions are protected against policy violations. We describe our implementation of transactional introspection and statement indirection for policy weaving, and report experimental results that show the viability of the approach in the context of real-world JavaScript programs executing in a browser.

Paper: [ PDF ] (© ACM)
Code: [ JAMScript and JAMWeaver ] (Implementation certified by the FSE'14 artifact evaluation committee)
Video: [ YouTube ]
DOI: [ 10.1145/2635868.2635907 ]

Papers page