What is Policy Weaving?
Policy weaving combines static analysis, aspect weaving, and dynamic analysis to guarantee that a program adheres to a temporal policy.
What are the goals of Policy Weaving?
- Enforcement should be complete: all policy violations are prevented
- Enforcement should be sound: only policy-violating execution traces are prevented
- Enforcement should be transparent: all executions, up to policy violation, are semantically identical to the original program
How does Policy Weaving achieve these goals?
- A policy is formulated as a finite-state automaton with predicates labeling edges between different states (and "true" predicates labeling self edges); the automaton accepts the language of all forbidden execution traces, and therefore the policy specifies all executions that should be prevented
- The static analysis component models the given program and identifies all statements/expressions that can potentially cause policy transitions
- Any static analysis technique can be employed, though it should be conservative: possible program behaviors should always be overapproximated, never underapproximated, so that no potential policy transition is missed
- The aspect weaving component rewrites the identified statements to include dynamic instrumentation that deploys the enforcement mechanism in a fine-grained manner
- The enforcement mechanism dynamically monitors the execution at the instrumentation points and, if necessary, prevents policy violations before they occur
- All code, even if it is dynamically generated (e.g. through an "eval" function), should be monitored, so the enforcement mechanism should include the ability to propagate instrumentation to such code
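As an added example (not code from the page or from any policy-weaving implementation), the following Python model walks through the components above end to end: a policy automaton whose edges carry predicates and whose accepting state marks a forbidden trace, a conservative static step that marks every statement whose operation the policy mentions (plus every eval) as an instrumentation point, weaving that wraps those statements with a monitor call, and propagation of the instrumentation into eval-generated code. The statement representation, the "no network send after reading a secret file" policy, and the three sample programs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple

# Constructed program representation: a statement is (operation, args); an
# "eval" statement carries a nested program (list of statements) in args["code"].
Stmt = Tuple[str, dict]
Program = List[Stmt]


@dataclass
class Edge:
    src: str
    op: str                       # operation the edge predicate inspects
    pred: Callable[[dict], bool]  # predicate over that operation's arguments
    dst: str


@dataclass
class Policy:
    start: str
    accepting: Set[str]  # states that accept a forbidden execution trace
    edges: List[Edge]

    def alphabet(self) -> Set[str]:
        return {e.op for e in self.edges}

    def step(self, state: str, op: str, args: dict) -> str:
        for e in self.edges:
            if e.src == state and e.op == op and e.pred(args):
                return e.dst
        return state  # implicit "true" self-edge: irrelevant events keep the state


class PolicyViolation(Exception):
    pass


class Monitor:
    """Dynamic component: advances the automaton before each instrumented
    operation and refuses the operation that would complete a forbidden trace."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.state = policy.start

    def before(self, op: str, args: dict) -> None:
        nxt = self.policy.step(self.state, op, args)
        if nxt in self.policy.accepting:
            raise PolicyViolation(f"{op}({args}) would complete a forbidden trace")
        self.state = nxt


def needs_instrumentation(stmt: Stmt, policy: Policy) -> bool:
    """Static step (conservative): any statement whose operation the policy
    mentions is an instrumentation point, regardless of its arguments, since
    argument values may only be known at run time; eval is always one because
    it can introduce policy-relevant code."""
    op, _ = stmt
    return op in policy.alphabet() or op == "eval"


def instrumentation_points(program: Program, policy: Policy) -> List[int]:
    return [i for i, s in enumerate(program) if needs_instrumentation(s, policy)]


def weave(program: Program, policy: Policy, monitor: Monitor, executed: List[str]) -> List[Callable[[], None]]:
    """Weaving step: return the program as thunks; instrumented statements call
    the monitor first, others run unchanged (transparency). Executing an
    operation is modelled by appending its name to `executed`."""
    thunks = []
    for op, args in program:
        if op == "eval":
            # Dynamically generated code is woven when it is evaluated, so the
            # same monitor follows execution into the new code.
            def run_eval(code=args["code"]):
                for t in weave(code, policy, monitor, executed):
                    t()
            thunks.append(run_eval)
        elif needs_instrumentation((op, args), policy):
            def guarded(op=op, args=args):
                monitor.before(op, args)  # may raise before the operation happens
                executed.append(op)
            thunks.append(guarded)
        else:
            thunks.append(lambda op=op: executed.append(op))
    return thunks


def run(program: Program, policy: Policy) -> Tuple[List[str], Optional[str]]:
    """Execute the woven program; returns the operations that actually ran and
    the violation message, if enforcement stopped the program."""
    monitor, executed = Monitor(policy), []
    try:
        for t in weave(program, policy, monitor, executed):
            t()
    except PolicyViolation as e:
        return executed, str(e)
    return executed, None


# Constructed policy: forbid any network send once a file under /secret was read.
NO_EXFIL = Policy(
    start="clean",
    accepting={"violation"},
    edges=[
        Edge("clean", "read", lambda a: a["path"].startswith("/secret"), "tainted"),
        Edge("tainted", "send", lambda a: True, "violation"),
    ],
)

# Constructed sample programs.
BENIGN = [("read", {"path": "/public/motd"}), ("log", {"msg": "hi"}), ("send", {"host": "example.invalid"})]
DIRECT = [("read", {"path": "/secret/key"}), ("send", {"host": "example.invalid"})]
VIA_EVAL = [("read", {"path": "/secret/key"}),
            ("eval", {"code": [("log", {"msg": "x"}), ("send", {"host": "example.invalid"})]})]

if __name__ == "__main__":
    for name, prog in [("benign", BENIGN), ("direct", DIRECT), ("via_eval", VIA_EVAL)]:
        print(name, instrumentation_points(prog, NO_EXFIL), run(prog, NO_EXFIL))
```

The benign program runs to completion with the same trace it would have without weaving, the direct exfiltration is stopped at the send (the read itself is allowed, since reading alone is not a violation), and the send hidden inside eval-generated code is caught because weaving is applied again when the eval runs. Note how the static step over-approximates: the send in the benign program is instrumented although it never violates the policy; the monitor, not the static analysis, makes the final decision.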