A modular pipeline for enforcement of security properties at runtime

Runtime enforcement ensures the respect of a user-specified security policy by a program by providing a valid replacement for any misbehaving sequence of events that may occur during that program’s execution. However, depending on the capabilities of the enforcement mechanism, multiple possible replacement sequences may be available, and the current literature is silent on the question of how to choose the optimal one. Furthermore, the current design of runtime monitors imposes a substantial burden on the designer, since the entirety of the monitoring task is accomplished by a monolithic construct, usually an automata-based model. In this paper, we propose a new modular model of enforcement monitors, in which the tasks of altering the execution, ensuring compliance with the security policy, and selecting the optimal replacement are split into three separate modules, which simplifies the creation of runtime monitors. We implement this approach by using the event stream processor BeepBeep and a use case is presented. Experimental evaluation shows that our proposed framework can dynamically select an adequate enforcement actions at runtime, without the need to manually define an enforcement monitor.