<?php
include_once 'declare.php';
$title = "Policy Weaving Resources";
ob_start();
?>
What is Policy Weaving?
Policy weaving combines static analysis, aspect weaving, and dynamic
analysis to guarantee that a program adheres to a temporal policy.
What are the goals of Policy Weaving?
- Enforcement should be complete: all policy violations are
  prevented
- Enforcement should be sound: only policy-violating execution
  traces are prevented
- Enforcement should be transparent: all executions, up to policy
  violation, are semantically identical to the original program
How does Policy Weaving achieve these goals?
- A policy is formulated as a finite-state automaton with predicates
  labeling edges between different states (and "true" predicates
  labeling self edges); the automaton accepts the language of all
  forbidden execution traces, and therefore the policy specifies all
  executions that should be prevented
- The static analysis component models the given program and
  identifies all statements/expressions that can potentially cause
  policy transitions
- Any static analysis technique can be employed, though it should
  be conservative: possible program behaviors should always be
  overapproximated, not underapproximated
- The aspect weaving component rewrites the identified statements to
  include dynamic instrumentation, which deploys the enforcement
  mechanism in a fine-grained manner
- The enforcement mechanism dynamically monitors the execution at the
  instrumentation points and, if necessary, prevents policy violations
  before they occur
- All code, even if it is dynamically generated (e.g. through an
  "eval" function), should be monitored, so the enforcement mechanism
  should include the ability to propagate instrumentation to such
  code
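The policy automaton and the enforcement step described above, as an added sketch that is not code from JAM or any other project listed on this page. The policy ("no network send after the cookie has been read"), the event shape, and the names Monitor, guard and runTrace are all assumptions made for illustration.

```javascript
// Constructed policy: "no network send after the cookie has been read".
// The automaton accepts forbidden traces, so reaching an accepting
// state means the trace is a policy violation.
const policy = {
  start: "q0",
  accepting: new Set(["violation"]),
  edges: [
    { from: "q0", to: "q0", pred: () => true }, // "true" self edge
    { from: "q0", to: "q1", pred: (e) => e.op === "read" && e.target === "cookie" },
    { from: "q1", to: "q1", pred: () => true }, // "true" self edge
    { from: "q1", to: "violation", pred: (e) => e.op === "send" },
  ],
};

class Monitor {
  constructor(policy) {
    this.policy = policy;
    // The "true" self edges make the automaton nondeterministic,
    // so track every state the execution may currently be in.
    this.states = new Set([policy.start]);
  }
  // States reachable if `event` were allowed to happen.
  step(event) {
    const next = new Set();
    for (const { from, to, pred } of this.policy.edges) {
      if (this.states.has(from) && pred(event)) next.add(to);
    }
    return next;
  }
  // Instrumentation point: decide before the guarded action runs.
  guard(event, action) {
    const next = this.step(event);
    for (const s of next) {
      // Completeness: block before the violating action executes.
      if (this.policy.accepting.has(s)) return { allowed: false, value: undefined };
    }
    this.states = next; // commit only when the action is permitted
    return { allowed: true, value: action() }; // transparency: result unchanged
  }
}

// Replays a constructed event trace through a fresh monitor.
function runTrace(events) {
  const m = new Monitor(policy);
  return events.map((e) => m.guard(e, () => `${e.op}:${e.target}`).allowed);
}
```

A send before any cookie read passes through untouched (soundness), while a send after the read is stopped at the instrumentation point and leaves the monitor state unchanged, so later non-violating actions still run.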
<?php
$content = ob_get_clean();
$linkGroups = array(
"Policy-weaving projects at UW-Madison" => array(
"JAM/JAMScript" => "jam.php",
"CapWeave/HiWeave" => "capabilities.php",
"Weaver Generator" => "weavergen.php",
),
"Personnel" => array(
"Tom Reps" => "http://pages.cs.wisc.edu/~reps/",
"Somesh Jha" => "http://pages.cs.wisc.edu/~jha/",
"Rich Joiner" => "http://pages.cs.wisc.edu/~joiner/",
"Drew Davidson" => "http://pages.cs.wisc.edu/~davidson/",
"Matt Fredrikson" => "http://pages.cs.wisc.edu/~mfredrik/",
"Bill Harris" => "http://www.scs.gatech.edu/people/william-harris",
),
"Publications" => array(
"Efficient runtime enforcement techniques for policy weaving" => "http://www.cs.wisc.edu/wpis/papers/fse14.pdf",
"Declarative, temporal, and practical programming with capabilities" => "http://www.cs.wisc.edu/wpis/papers/oakland13.pdf",
"Efficient runtime policy enforcement using counterexample-guided abstraction refinement" => "http://www.cs.wisc.edu/wpis/papers/CAV12-JAM.pdf",
"Secure programming via visibly pushdown safety games" => "http://www.cs.wisc.edu/wpis/papers/CAV12-VPA.pdf",
),
"Policy-weaving resources" => array(
"JAM policy weaver" => "https://github.com/blackoutjack/jamweaver",
"JAMScript enforcement" => "https://github.com/blackoutjack/jamscript",
"JAM test suite" => "https://github.com/blackoutjack/jamtests",
"Extraction Tool for Resource Analysis (ExTRA)" => "https://github.com/blackoutjack/ExTRA",
"User-driven JAMScript extension" => "https://policy-weaving.cs.wisc.edu/extension",
),
"General informational resources" => array(
"A general listing of JavaScript technologies and research" => "jsresearch.php",
"JavaScript-related popular articles" => "jsarticles.php",
"JavaScript reference material" => "jsreference.php",
"General security news and resources" => "security.php",
),
);
include_once "linkTemplate.php";
?>