Model-carrying code
- 19 October 2003
- journal article
- conference paper
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 37 (5), 15-28
- https://doi.org/10.1145/1165389.945448
Abstract
This paper presents a new approach called model-carrying code (MCC) for safe execution of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped with a concise high-level model of its security-relevant behavior. This model helps bridge the gap between high-level security policies and low-level binary code, thereby enabling analyses which would otherwise be impractical. For instance, users can use a fully automated verification procedure to determine if the code satisfies their security policies. Alternatively, an automated procedure can sift through a catalog of acceptable policies to identify one that is compatible with the model. Once a suitable policy is selected, MCC guarantees that the policy will not be violated by the code. Unlike previous approaches, the MCC framework enables code producers and consumers to collaborate in order to achieve safety. Moreover, it provides support for policy selection as well as enforcement. Finally, MCC makes no assumptions regarding the inherent risks associated with untrusted code. It simply provides the tools that enable a consumer to make informed decisions about the risk that he/she is willing to tolerate so as to benefit from the functionality offered by an untrusted application.
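The pipeline the abstract describes (a behavioral model shipped with the code, automated verification of that model against a policy, selection of a compatible policy from a catalog, and runtime enforcement of the model) as an added illustration in Python. This is not code from the paper or its authors: the paper's models are extended finite-state automata over system calls with argument constraints, whereas this example reduces both model and policy to plain finite automata over abstract event names. The converter model, the three-policy catalog and the event traces are constructed for the illustration and assume nothing about any real program.

```python
from collections import deque

BAD = "BAD"  # sink state of a policy automaton: reaching it is a violation


class Automaton:
    """Deterministic automaton over abstract security events (syscall-like names
    such as "open_input"). A *model* lists exactly the transitions the code
    producer claims the program can take. A *policy* lists only the events it
    cares about; unlisted events leave the policy state unchanged, so BAD is
    absorbing."""

    def __init__(self, start, transitions):
        self.start = start
        self.transitions = transitions  # {state: {event: next_state}}

    def step(self, state, event, default=None):
        return self.transitions.get(state, {}).get(event, default)


def check_model_against_policy(model, policy):
    """Automated verification: breadth-first search over the product of model and
    policy. Returns None when no behaviour the model admits can drive the policy
    into BAD, otherwise the shortest offending event sequence (a counterexample)."""
    start = (model.start, policy.start)
    parent = {start: None}  # product state -> (predecessor, event)
    queue = deque([start])
    while queue:
        m, p = queue.popleft()
        for event, m2 in model.transitions.get(m, {}).items():
            p2 = policy.step(p, event, default=p)  # unlisted events: self-loop
            pair = (m2, p2)
            if pair in parent:
                continue
            parent[pair] = ((m, p), event)
            if p2 == BAD:
                path, cur = [], pair
                while parent[cur] is not None:
                    cur, event = parent[cur]
                    path.append(event)
                return path[::-1]
            queue.append(pair)
    return None


def select_policy(model, catalog):
    """Policy selection: walk an ordered catalog (strictest first) and return the
    name of the first policy the model satisfies, or None if none fits."""
    for name, policy in catalog:
        if check_model_against_policy(model, policy) is None:
            return name
    return None


class ModelViolation(Exception):
    """Raised by the runtime monitor when the code deviates from its own model."""


def enforce(model, trace):
    """Enforcement: replay the observed event trace against the model and stop at
    the first event the model does not allow in the current state. Because the
    model was verified against the chosen policy, every trace the monitor admits
    also satisfies that policy. Returns the number of events admitted."""
    state = model.start
    for i, event in enumerate(trace):
        nxt = model.step(state, event)
        if nxt is None:
            raise ModelViolation(f"event {i} {event!r} not allowed in model state {state!r}")
        state = nxt
    return len(trace)


# Constructed example: model shipped with an untrusted image converter. One branch
# converts the input; another reads the input and then phones home.
CONVERTER_MODEL = Automaton("s0", {
    "s0": {"open_input": "s1"},
    "s1": {"read_file": "s1", "write_output": "s2", "connect_net": "s3"},
    "s3": {"send_net": "s3", "write_output": "s2"},
    "s2": {"exit": "s4"},
})

# The same converter without the phone-home branch (constructed).
BENIGN_MODEL = Automaton("s0", {
    "s0": {"open_input": "s1"},
    "s1": {"read_file": "s1", "write_output": "s2"},
    "s2": {"exit": "s4"},
})

# Consumer's catalog of acceptable policies, strictest first (constructed).
NO_NETWORK = Automaton("p0", {"p0": {"connect_net": BAD}})
NO_EXFIL = Automaton("clean", {   # network is tolerated unless a file was read first
    "clean": {"read_file": "tainted"},
    "tainted": {"connect_net": BAD},
})
NO_EXEC = Automaton("p0", {"p0": {"exec": BAD}})
CATALOG = [("no-network", NO_NETWORK), ("no-exfiltration", NO_EXFIL), ("no-exec", NO_EXEC)]


if __name__ == "__main__":
    print("no-network counterexample:", check_model_against_policy(CONVERTER_MODEL, NO_NETWORK))
    print("policy chosen for converter:", select_policy(CONVERTER_MODEL, CATALOG))
    print("policy chosen for benign build:", select_policy(BENIGN_MODEL, CATALOG))
    print("admitted:", enforce(CONVERTER_MODEL, ["open_input", "read_file", "write_output", "exit"]))
    try:
        enforce(CONVERTER_MODEL, ["open_input", "exec"])  # not in the model: refused
    except ModelViolation as e:
        print("refused:", e)
```

The counterexample returned by the verification step is what lets the consumer decide rather than guess: for the converter it shows the concrete path open_input, connect_net that breaks the no-network policy, so the consumer can either pick the weaker no-exec policy the catalog walk settles on, or reject the code. The monitor only ever checks the trace against the model, never against the policy; that is the point of verifying model against policy up front.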
This publication has 17 references indexed in Scilit (the 10 listed below):
- Mimicry attacks on host-based intrusion detection systems. Published by Association for Computing Machinery (ACM), 2002
- MOPS. Published by Association for Computing Machinery (ACM), 2002
- Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security, 2002
- Untrusted hosts and confidentiality. Published by Association for Computing Machinery (ACM), 2001
- Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 2000
- Enforceable security policies. ACM Transactions on Information and System Security, 2000
- Bandera. Published by Association for Computing Machinery (ACM), 2000
- SASI enforcement of security policies. Published by Association for Computing Machinery (ACM), 1999
- Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 1986
- A note on the confinement problem. Communications of the ACM, 1973