The S3MS.NET Run Time Monitor: Tool Demonstration

https://doi.org/10.1016/j.entcs.2009.11.021Get rights and content
Under a Creative Commons license
open access

Abstract

This paper describes the S3MS.NET run time monitor, a tool that can enforce security policies expressed in a variety of policy languages for .NET desktop or mobile applications. The tool consists of two major parts: a bytecode inliner that rewrites .NET assemblies to insert calls to a policy decision point, and a policy compiler that compiles source policies to executable policy decision points. The tool supports both singlethreaded and multithreaded applications, and is sufficiently mature to be used on real-world applications.

This paper describes the overall functionality and architecture of the tool, discusses its strengths and weaknesses, and reports on our experience with using the tool on case studies as well as in teaching.

Keywords

security
bytecode rewriting
.NET
MSIL

Cited by (0)

1

DistriNet Research Group, Department of Computer Science Katholieke Universiteit Leuven, Celestijnlaan 200A, B-3001 Leuven, Belgium

2

Department of Information and Communication Technology, Universit di Trento, Via Sommarive 14, I-38050 Povo (Trento), Italy