CliSeAu: Decentralized Coordinated Runtime Enforcement of Security in Distributed Systems

CliSeAu is a tool for dynamic enforcement of system-wide security requirements in distributed Java programs. CliSeAu enables one to enforce security requirements in a decentralized yet coordinated fashion. CliSeAu implements the concept of Service Automata developed in the MAIS group. Details about CliSeAu can be found in the key publication about CliSeAu at ICISS 2014, "CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement".

Overview

System-wide security

CliSeAu enables users to specify policies for enforcing system-wide security properties. We call a property system-wide if it cannot be decomposed into independent properties of the individual agents of a distributed system. An example of a system-wide security property is the Chinese Wall property we consider in our ICISS'14 paper. This property expresses that no user must be able download conflicting files from a distributed storage. The property is system-wide because the absence of conflicting downloads from each individual storage server does not imply the absence of conflicting downloads in the overall distributed storage.

Coordinated decentralized enforcement

CliSeAu supports coordinated decentralized enforcement. When applied to a distributed system, CliSeAu essentially generates one enforcement mechanism for each agent of the distributed system. The mechanisms are capable of coordinating the enforcement among each other. This feature allows them to enforce system-wide security properties. Technically, CliSeAu realizes the cooperation by means of network sockets. The cooperation between the enforcement mechanisms can even be decentralized. That is, there is no need for a central enforcement mechanism (and potential bottleneck) that determines how a property is enforced. We provide an example of decentralized enforcement in the case study contained in our ICISS'14 paper.

Instrumentation of Java programs

CliSeAu deploys enforcement mechanisms to Java programs by means of program instrumentation, i.e., by modification of the program's code. More precisely, CliSeAu performs the instrumentation at the bytecode level. That is, for applying CliSeAu to a given Java program, the source code of the program need not be available - a JAR file comprising the program's bytecode suffices.

Architectures

CliSeAu combines two architectures. Firstly, there is the architecture of the tool itself. A coarse-grained illustration of this architecture is provided below. The architecture shows that CliSeAu expects as input the JAR files of the distributed target program (the bytecode of the agents) as well as an instantiation of the enforcement capsules (more below). The output of CliSeAu is an instrumented target program, in which each agent (i.e., each non-distributed component of the program) is encapsulated by an enforcement mechanism.

The second architecture behind CliSeAu is the runtime architecture of enforcement capsules. An enforcement capsule is a non-distributed component of a distributed enforcement mechanism generated by CliSeAu. Each such enforcement capsule is applied to an agent of the distributed target program.

More details about CliSeAu can be found in the paper linked above.

Download

The source code of CliSeAu is available under the MIT license and can be downloaded here (latest version can be downloaded here). This download contains the following parts:

• CliSeAu itself: The download contains the complete source code of CliSeAu!
• Example instances: The download provides two instantiations of CliSeAu for enforcing a Chinese Wall security policy on a distributed file storage. In each of the examples, a Java FTP server is used for the file storage (the servers are not included but instructions for downloading them are included).
• All required Java libraries, except for AspectJ: AspectJ is not included to keep the download size lower.

CliSeAuDroid, the variant of CliSeAu for enforcing local or distributed security properties in Android applications, is available here. The source code of CliSeAuDroid is also available under the MIT license.

Prerequisites and Installation

CliSeAu was developed and tested under Linux with Java 7/8 and AspectJ 1.7.4/1.8.10. Details about further libraries can be found in the README file contained in the root directory of the download.

Instructions for compiling CliSeAu from the source code and for running CliSeAu on the example instances can be found in the contained README file.

Latest Version of CliSeAu

The source code of the latest version of CliSeAu is available under the MIT license and can be downloaded here. This download contains the same parts as describe above in the download section.

The latest version of CliSeAu was developed and tested under Ubuntu 18.04 with Java 11 and AspectJ 1.9.6. Details about further libraries can be found in the README file contained in the root directory of the download. Instructions for compiling CliSeAu from the source code and for running CliSeAu on the example instances can also be found in the contained README file.

Publications

• Melanie Jehn. A Performance Evaluation on Dynamic Enforcement Frameworks. Bachelor's thesis, TU Darmstadt, 2019.
  [ BibTeX entry ]
• Thomas Kreutz. Towards Enforcing Dynamic Security Policies in Java Programs. Bachelor's thesis, TU Darmstadt, 2019.
  [ BibTeX entry ]
• Jonas Meurer. Investigating the Effects of Inter-Process and Cross-Device Communication on Runtime Enforcement for Android. Bachelor's thesis, TU Darmstadt, 2019.
  [ BibTeX entry ]
• Joscha Seemann. Towards a C/C++ Extension for a Distributed Enforcement Framework. Bachelor's thesis, TU Darmstadt, 2019.
  [ BibTeX entry ]
• Yuri Gil Dantas, Richard Gay, Tobias Hamann, Heiko Mantel and Johannes Schickel. An Evaluation of Bucketing in Systems with Non-Deterministic Timing Behavior. In 33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection (IFIP SEC), pages 323-338, 2018.
  [ BibTeX entry | PDF ]
• Yuri Gil Dantas, Tobias Hamann and Heiko Mantel. A Comparative Study across Static and Dynamic Side-Channel Countermeasures. In Proceedings of the 11th International Symposium on Foundations & Practice of Security (FPS), pages 173-189, 2018.
  [ BibTeX entry | PDF ]
• Tobias Hamann and Heiko Mantel. Decentralized Dynamic Security Enforcement for Mobile Applications with CliSeAuDroid. In Proceedings of the 11th International Symposium on Foundations & Practice of Security (FPS), pages 29-45, 2018.
  [ BibTeX entry | PDF ]
• Sebastian Frantzen. Runtime Monitoring and Enforcement Mechanism in the Floodlight SDN Controller. Master Thesis, TU Darmstadt, 2018.
  [ BibTeX entry ]
• Yuri Gil Dantas, Tobias Hamann, Heiko Mantel and Johannes Schickel. An Experimental Study of a Bucketing Approach (Extended Abstract). In Proceedings of the 15th International Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL), 2017.
  [ BibTeX entry ]
• Richard Gay. A Generic Framework for Enforcing Security in Distributed Systems. Ph.D. Thesis, TU Darmstadt, 2017.
  [ BibTeX entry | PDF ]
• Richard Gay, Jinwei Hu, Heiko Mantel and Sogol Mazaheri. Relationship-Based Access Control for Resharing in Decentralized Online Social Networks. In Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS), pages 18-34, 2017.
  [ BibTeX entry | PDF ]
• Richard Gay, Jinwei Hu, Heiko Mantel and Johannes Schickel. Towards Accelerated Usage Control based on Access Correlations. In Proceedings of the 22nd Nordic Conference on Secure IT Systems (NordSec), pages 245-261, 2017.
  [ BibTeX entry | PDF ]
• Tobias Hamann. CliSeAu for Android Applications: Design, Case Studies and Evaluation. Master Thesis, TU Darmstadt, 2016.
  [ BibTeX entry ]
• Johannes Schickel. Using File-Correlation to Accelerate Decision-Making in a Decentralized Cooperative Security Enforcement. Master Thesis, TU Darmstadt, 2016.
  [ BibTeX entry ]
• Moritz Tiedje. Design and Evaluation of Profiling Methods for the Distributed Enforcement Mechanism CliSeAu. Bachelor Thesis, TU Darmstadt, 2015.
  [ BibTeX entry ]
• David Basin, Germano Caronni, Sarah Ereth, MatúsÌŒ Harvan, Felix Klaedtke and Heiko Mantel. Scalable Offline Monitoring. In Proceedings of the 14th International Conference on Runtime Verification (RV), pages 31-47, 2014.
  [ BibTeX entry | PDF ]
• Richard Gay, Jinwei Hu and Heiko Mantel. CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement. In Proceedings of the 10th International Conference on Information Systems Security (ICISS). LNCS 8880, pages 378-398. Springer, 2014.
  [ BibTeX entry | PDF ]
• Richard Gay, Jinwei Hu and Heiko Mantel. Coordinating Distributed Security Enforcement. Short Talk at the 27th IEEE Computer Security Foundations Symposium (CSF), 2014.
  [ BibTeX entry | Abstract ]
• Frank Hartmann. Protecting Third-Party Web Service Integrations with Service Automata. Master Thesis, TU Darmstadt, 2014.
  [ BibTeX entry ]
• Dominic Scheurer. Enforcing Datalog Policies with Service Automata on Distributed Version Control Systems. Bachelor Thesis, TU Darmstadt, 2013.
  [ BibTeX entry ]
• Richard Gay, Heiko Mantel and Barbara Sprick. Service Automata. In Post-Proceedings of the 8th International Workshop on Formal Aspects of Security and Trust (FAST 2011). LNCS 7140, pages 148-163. Springer, 2012.
  [ BibTeX entry | PDF | Proofs ]
• Sogol Mazaheri. Race Conditions in Distributed Enforcement at the Example of Online Social Networks. Bachelor Thesis, TU Darmstadt, 2012.
  [ BibTeX entry ]
• Florian Wendel. An Evaluation of Delegation Strategies for Coordinated Enforcement. Bachelor Thesis, TU Darmstadt, 2012.
  [ BibTeX entry ]
• Richard Gay, Heiko Mantel and Barbara Sprick. Service Automata. In Pre-Proceedings of the 8th International Workshop on Formal Aspects of Security and Trust (FAST 2011), 2011.
  [ BibTeX entry | PDF | Proofs ]
• Richard Gay, Heiko Mantel and Barbara Sprick. Service Automata for Secure Distributed Systems. Poster at the 26th Annual Computer Security Applications Conference (ACSAC), 2010.
  [ BibTeX entry | Poster Proposal ]