Efficient Runtime-Enforcement Techniques for Policy Weaving
Richard Joiner, Thomas Reps, Somesh Jha, Mohan Dhawan, Vinod Ganapathy
Policy weaving is a program-transformation technique that
rewrites a program so that it is guaranteed to be safe with respect to
a stateful security policy. It utilizes (i) static analysis to
identify points in the program at which policy violations might occur,
and (ii) runtime checks inserted at such points to monitor policy
state and prevent violations from occurring. The promise of policy
weaving stems from the possibility of blending the best aspects of
static and dynamic analysis components.
Therefore, a successful instantiation of policy weaving requires a
careful balance and coordination between the two.
In this paper, we examine the strategy of using a combination of
transaction-based introspection and callsite indirection
to implement runtime enforcement in a policy-weaving system.
Transactional introspection allows the state resulting from the
execution of a statement to be examined and, if the policy would be
violated, suppressed.
Statement indirection serves as a lightweight runtime analysis that can
recognize and instrument dynamically generated code that is not
available to the static analysis.
These techniques can be implemented via static rewriting so that
all possible program executions are protected against policy
violations.
We describe our implementation of transactional introspection and
statement indirection for policy weaving, and report experimental
results that show the viability of the approach in the context of
real-world JavaScript programs executing in a browser.
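As an added illustration (not the paper's implementation), the following JavaScript sketches the two mechanisms described above on a toy statement language: each policy-relevant statement runs transactionally and its effects are checked against a stateful policy before being committed or suppressed, and an eval callsite is redirected to the weaver so that runtime-generated code is instrumented before it executes. The policy, the mini-language, and the sample program are all constructed for this example.

```javascript
// Added illustration, not the paper's code: toy policy weaving for a mini
// statement language; stepPolicy, execute, weave, runWoven, SAMPLE are constructed.
// Stateful policy: a 'secret' value, once read, must never be sent. Returns the
// successor policy state (the set of secret values seen) or null on a violation.
function stepPolicy(seen, effects) {
  const next = new Set(seen);
  for (const e of effects) {
    if (e.op === 'read' && e.target === 'secret') next.add(e.value);
    if (e.op === 'send' && next.has(e.data)) return null;
  }
  return next;
}

// Run one non-eval statement on a copy of the variables; return the resulting
// state plus the effects the policy inspects. Nothing is committed here.
function execute(stmt, state, store) {
  const next = { ...state }, effects = [];
  if (stmt.op === 'read') {
    next[stmt.into] = store[stmt.target];
    effects.push({ op: 'read', target: stmt.target, value: next[stmt.into] });
  } else if (stmt.op === 'send') effects.push({ op: 'send', data: state[stmt.from] });
  return [next, effects];
}

const SENSITIVE = new Set(['read', 'send']); // stand-in for the static analysis
function weave(program, ctx, state) { // ctx = { store, policy, log }
  for (const stmt of program) {
    if (stmt.op === 'eval') {
      // Callsite indirection: runtime-generated code is invisible to static
      // analysis, so the eval site is redirected here and woven before it runs.
      state = weave(stmt.gen(state), ctx, state);
      continue;
    }
    const [next, effects] = execute(stmt, state, ctx.store);
    // Transactional introspection: derive the policy's successor state from the
    // effects; commit variables and policy together, or suppress the statement.
    const policy = SENSITIVE.has(stmt.op) ? stepPolicy(ctx.policy, effects) : ctx.policy;
    if (policy === null) { ctx.log.push(`${stmt.op}:suppressed`); continue; }
    ctx.policy = policy; state = next; ctx.log.push(`${stmt.op}:ok`);
  }
  return state;
}
function runWoven(program, store, init) { // returns the enforcement log
  const ctx = { store, policy: new Set(), log: [] }; weave(program, ctx, init); return ctx.log;
}

// Constructed sample: benign send, secret read, generated code that tries to
// send the secret, then another benign send.
const SAMPLE = [
  { op: 'send', from: 'x' }, { op: 'read', target: 'secret', into: 's' },
  { op: 'eval', gen: () => [{ op: 'send', from: 's' }] }, { op: 'send', from: 'x' },
];
```

Running `runWoven(SAMPLE, { secret: 'k3y' }, { x: 'hello' })` yields a log in which only the send generated inside the eval is suppressed; the benign sends before and after it still commit.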