Enforcing security policies: limitations and extensions

Nadia Tawbi, Université Laval, Québec, Canada

We live in a highly connected world where software controls many aspects of our lives. In this context, security is a major concern. Furthermore, software is usually built from predefined components, which usually do not come from reliable sources. Mobile code adds another dimension to the picture, considerably increasing security needs.

In this context, we have to control the execution of applications in order to enforce security policies or properties.

In this talk, representative enforcement mechanisms are briefly presented, along with a characterization of their enforcement power and their limitations.

Most of the proposed enforcement mechanisms assume that unlimited resources are available during execution. We propose an enforcement mechanism, dedicated to a class of properties, that can be used under memory limitations. This class is defined based upon locally testable properties.

Another extension of the work on enforcing security properties concerns the capacity of the enforcement mechanism to correct the execution under observation. We propose a corrective mechanism that goes beyond halting the execution whenever a security violation is about to happen.
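
As an illustration of the two ideas above (added here; this is not the mechanism presented in the talk): when a property is given as a set of forbidden sequences of k consecutive events, a monitor needs to remember only the last k-1 events, and it can either halt before a violation or suppress the offending event and continue. The event names, the policy and the function `enforce` are constructed for this example.

```python
from collections import deque

def enforce(events, k, forbidden, mode="halt"):
    """Yield the events the monitor lets through.

    forbidden: set of k-tuples that must never appear as k consecutive
    events in the output. Only the last k-1 emitted events are stored.
    mode "halt":     stop the run just before the violating event.
    mode "suppress": drop the violating event and keep running.
    """
    if mode not in ("halt", "suppress"):
        raise ValueError("unknown mode: %r" % mode)
    if any(len(f) != k for f in forbidden):
        raise ValueError("every forbidden factor must have length k")
    # Bounded memory: k-1 events, whatever the length of the trace.
    window = deque(maxlen=k - 1)
    for ev in events:
        if tuple(window) + (ev,) in forbidden:
            if mode == "halt":
                return
            # Suppressed events never enter the window, so the window
            # always describes the output, which is what must stay valid.
            continue
        window.append(ev)
        yield ev

# Constructed policy (k = 2): no "send" immediately after "read_secret".
FORBIDDEN = {("read_secret", "send")}
# Constructed trace of observed actions.
TRACE = ["open", "read_secret", "send", "log", "read_secret", "log", "send"]

def run(mode):
    return list(enforce(TRACE, 2, FORBIDDEN, mode))

if __name__ == "__main__":
    print("halt:    ", run("halt"))
    print("suppress:", run("suppress"))
```
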

Biography

Nadia Tawbi holds a PhD in Computer Science from Université Pierre et Marie Curie, Paris, France. She then worked as a researcher and as the leader of a research group at the Bull research center in Paris, before joining Université Laval, Québec, Canada, in 1996, where she is now a professor. Her research topics cover static analysis of code, formal verification and language-based security.