Flexible In-Lined Reference Monitor Certification: Challenges and Future Directions

Over the last few years, In-lined Reference Monitors (IRM's) have gained much popularity as successful security enforcement mechanisms. Aspect-Oriented Programming (AOP) provides one elegant paradigm for implementing IRM frameworks. There is a foreseen need to enhance both AOP-style and non-AOP IRM's with static certification due to two main concerns. Firstly, the Trusted Computing Base (TCB) can grow large quickly in an AOP-style IRM framework. Secondly, in many practical settings, such as in the domain of web-security, aspectually encoded policy implementations and the re-writers that apply them to untrusted code are subject to frequent change.