Lightweight Inlined Reference Monitors for Securing Extensible and Open Systems

Abstract: This thesis studies an alternative implementation of a security reference monitor in the contexts of extensible and open systems. A security reference monitor is a classic approach to imposing a security policy on an otherwise untrusted system by using a trusted component which intercepts security-relevant resource requests and applies a security policy to decide whether to grant such requests. Recently, an application-level approach to implementing reference monitors has emerged. This is the so-called inlined reference monitor (IRM) approach, where the software is rewritten to "embed" (inline) the policy within it. This thesis presents an alternative implementation of the IRM approach by using aspect-oriented programming. We call this the lightweight inlined reference monitor approach, since it does not require modification of the base system and does not need an additional security policy language. The contexts of this thesis are extensible and open software systems, in which software components are allowed to extend the functionality of others and to integrate external, or third-party, services. Firstly, we have studied such an extensible system in a vehicle software scenario and analysed the safety-security characteristics of such a system. The analysis has resulted in guidelines for policy design for securing vehicle software systems. Secondly, we have proposed a lightweight IRM approach to provide vehicle software security. We have shown that the security assurance provided by the lightweight IRM approach is promising for deployment in an existing vehicle software system. Lastly, we have applied the lightweight IRM approach to the context of JavaScript (web browser) security, where we show how to control and modify the behaviour of JavaScript to make it self-protecting.
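The aspect-oriented inlining sketched above, as an added JavaScript illustration that is not code from the thesis: a stateful policy is wrapped around a security-relevant method of an otherwise untouched base object (around-advice), and the inlined monitor decides each call without a separate policy language. The base object, the allowlist/quota rules and the sample URLs are constructed for this example.

```javascript
// Hypothetical base system (constructed): an object exposing a network-like call.
const baseSystem = {
  sendRequest(url) {
    return `sent to ${url}`;
  },
};

// Policy with state (security-automaton style): allowlisted hosts only,
// and at most maxCalls successful calls.
function makePolicy({ allowedHosts, maxCalls }) {
  let calls = 0;
  return {
    check(methodName, args) {
      if (methodName !== 'sendRequest') return { allow: true };
      let host;
      try { host = new URL(args[0]).host; } catch { return { allow: false, reason: 'malformed url' }; }
      if (!allowedHosts.includes(host)) return { allow: false, reason: `host ${host} not allowed` };
      if (calls >= maxCalls) return { allow: false, reason: 'call quota exceeded' };
      calls += 1;
      return { allow: true };
    },
  };
}

// Inline the monitor as around-advice on the named methods; the base
// system's source is untouched, only its method slots are rewrapped.
function inlineMonitor(target, policy, methodNames) {
  for (const name of methodNames) {
    const original = target[name];
    target[name] = function (...args) {
      const verdict = policy.check(name, args);
      if (!verdict.allow) throw new Error(`policy violation: ${verdict.reason}`);
      return original.apply(this, args);
    };
  }
  return methodNames;
}

// Driver over constructed sample requests; returns one outcome per request.
function demo() {
  const policy = makePolicy({ allowedHosts: ['example.com'], maxCalls: 2 });
  inlineMonitor(baseSystem, policy, ['sendRequest']);
  const urls = ['https://example.com/a', 'https://evil.test/x',
                'https://example.com/b', 'https://example.com/c'];
  return urls.map((url) => {
    try { return baseSystem.sendRequest(url); }
    catch (e) { return `blocked: ${e.message}`; }
  });
}
```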

