Section: New Results

Verifying Policy Enforcers

Participants : Oliviero Riganelli [University of Milano Bicocca] , Daniela Micucci [University of Milano Bicocca] , Leonardo Mariani [University of Milano Bicocca] , Yliès Falcone.

Policy enforcers are sophisticated run-time components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at a same time, they do not guarantee the lack of interference on the global behavior of the system. In this work we propose a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a priori the enforcers that can co-exist at run-time. In our evaluation, we experimented our verification method with several policy enforcers for Android and discovered some incompatibilities.

This work has been presented at the 17-th International Conference on Run-Time Verification, RV 2017 [24].