Instrumenting Concurrent Applications for Audit Logging
Format
Oral Presentation
Faculty Mentor Name
Sepehr Amir-Mohammadian
Faculty Mentor Department
Computer Science
Abstract/Artist Statement
Instrumenting legacy code is an effective approach to enforce security policies. Previous work has demonstrated the applicability of instrumentation techniques in the enforcement of audit logging policies for systems with microservices architecture. However, the specified policies suffer from the limited expressivity power as they are confined to Horn clauses being directly used in logic programming engines. In this work, we implemented a tool that rewrites Java-based concurrent applications to support certain audit logging requirements that goes beyond Horn clauses. The rewritten set of microservices are then automatically enabled to generate audit logs that are shown to be formally correct.
Location
Sierra Learning Lab, William Knox Holt Memorial Library and Learning Center
Start Date
30-4-2022 11:00 AM
End Date
30-4-2022 11:19 AM
Instrumenting Concurrent Applications for Audit Logging
Sierra Learning Lab, William Knox Holt Memorial Library and Learning Center
Instrumenting legacy code is an effective approach to enforce security policies. Previous work has demonstrated the applicability of instrumentation techniques in the enforcement of audit logging policies for systems with microservices architecture. However, the specified policies suffer from the limited expressivity power as they are confined to Horn clauses being directly used in logic programming engines. In this work, we implemented a tool that rewrites Java-based concurrent applications to support certain audit logging requirements that goes beyond Horn clauses. The rewritten set of microservices are then automatically enabled to generate audit logs that are shown to be formally correct.