<?
include_once 'declare.php';

$title = "Policy Weaving Resources";

ob_start();
?>
<h2>What is Policy Weaving?</h2>
<p>
  Policy weaving combines static analysis, aspect weaving, and dynamic
  analysis to guarantee that a program adheres to a temporal policy.
</p>
<h2>What are the goals of Policy Weaving?</h2>
<ul>
  <li>
    Enforcement should be <b>complete</b>: all policy violations are
    prevented
  </li>
  <li>
    Enforcement should be <b>sound</b>: only policy-violating execution
    traces are prevented
  </li>
  <li>
    Enforcement should be <b>transparent</b>: all executions, up to policy
    violation, are semantically identical to the original program
  </li>
</ul>
<h2>How does Policy Weaving achieve these goals?</h2>
<ul>
  <li>
    A policy is formulated as a finite-state automaton with predicates
    labeling edges between different states (and "true" predicates
    labeling self edges); the automaton accepts the language of all
    forbidden execution traces, and therefore the policy specifies all
    executions that should be prevented
  </li>
  <li>
    The static analysis component models the given program and
    identifies all statements/expressions that can potentially cause
    policy transitions
  </li>
  <li>
    Any static analysis techniques can be employed, though they should
    be conservative: possible program behaviors should be always
    overapproximated, not underapproximated
  </li>
  <li>
    The aspect weaving component rewrites the identified statements to
    include dynamic instrumentation which deploy the enforcement
    mechanism in a fine-grained manner
  </li>
  <li>
    The enforcement mechanism dynamically monitors the execution at the
    instrumentation points and, if necessary, prevents policy violations
    before they occur
  </li>
  <li>
    All code, even if it is dynamically generated (e.g. through an
    "eval" function), should be monitored, so the enforcement mechanism
    should include the ability to propagate instrumentation to such
    code
  </li>
</ul>
<?
$content = ob_get_clean();

$linkGroups = array(
  "Policy-weaving projects at UW-Madison" => array(
    "JAM/JAMScript" => "jam.php",
    "CapWeave/HiWeave" => "capabilities.php",
    "Weaver Generator" => "weavergen.php",
  ),
  "Personnel" => array(
    "Tom Reps" => "http://pages.cs.wisc.edu/~reps/",
    "Somesh Jha" => "http://pages.cs.wisc.edu/~jha/",
    "Rich Joiner" => "http://pages.cs.wisc.edu/~joiner/",
    "Drew Davidson" => "http://pages.cs.wisc.edu/~davidson/",
    "Matt Fredrikson" => "http://pages.cs.wisc.edu/~mfredrik/",
    "Bill Harris" => "http://www.scs.gatech.edu/people/william-harris",
  ),
  "Publications" => array(
    "Efficient runtime enforcement techniques for policy weaving" => "http://www.cs.wisc.edu/wpis/papers/fse14.pdf",
    "Declarative, temporal, and practical programming with capabilities" => "http://www.cs.wisc.edu/wpis/papers/oakland13.pdf",
    "Efficient runtime policy enforcement using counterexample-guided abstraction refinement" => "http://www.cs.wisc.edu/wpis/papers/CAV12-JAM.pdf",
    "Secure programming via visibly pushdown safety games" => "http://www.cs.wisc.edu/wpis/papers/CAV12-VPA.pdf",
  ),
  "Policy-weaving resources" => array(
    "JAM policy weaver" => "https://github.com/blackoutjack/jamweaver",
    "JAMScript enforcement" => "https://github.com/blackoutjack/jamscript",
    "JAM test suite" => "https://github.com/blackoutjack/jamtests",
    "Extraction Tool for Resource Analysis (ExTRA)" => "https://github.com/blackoutjack/ExTRA",
    "User-driven JAMScript extension" => "https://policy-weaving.cs.wisc.edu/extension",
  ),
  "General informational resources" => array(
    "A general listing of JavaScript technologies and research" => "jsresearch.php",
    "JavaScript-related popular articles" => "jsarticles.php",
    "JavaScript reference material" => "jsreference.php",
    "General security news and resources" => "security.php",
  ),
);

include_once "linkTemplate.php";
?>