Policy weaving is a program-transformation method that rewrites a program so that it is guaranteed to be safe with respect to a stateful security policy. It utilizes (i) static analysis to identify points in the program at which policy violations might occur, and (ii) runtime checks inserted at such points to monitor policy state and prevent violations from occurring. The power and flexibility of policy weaving arises from its ability to blend the best aspects of the static and runtime components. Therefore, a successful instantiation requires careful balance and coordination between the two.

In this paper, we examine the strategy of using a combination of transaction-based introspection and callsite indirection to implement runtime enforcement in a policy-weaving system. In particular,

• Transaction-based introspection enables the state resulting from executing a potential policy-affecting statement identified by the static analysis to be examined, and its effects possibly suppressed.
• Callsite indirection serves as a light-weight runtime analysis that can recognize and instrument dynamically-generated code that is not available to the static analysis.
• These techniques can be implemented via static rewriting so that all possible program executions are protected against policy violations.