A. Birgisson, M. Dhawan, U. Erlingsson, V. Ganapathy, L. Iftode,
Enforcing authorization policies using transaction memory
introspection, in Proc. 15th ACM Conference on Computer and
Communications Security (CCS '08), pp. 223-234, 2008.

@inproceedings{1455800,
 author = {Birgisson, Arnar and Dhawan, Mohan and Erlingsson, \'{U}lfar and
Ganapathy, Vinod and Iftode, Liviu},
 title = {Enforcing authorization policies using transactional memory
introspection},
 booktitle = {CCS '08: Proceedings of the 15th ACM conference on Computer
and communications security},
 year = {2008},
 isbn = {978-1-59593-810-7},
 pages = {223--234},
 location = {Alexandria, Virginia, USA},
 doi = {http://doi.acm.org/10.1145/1455770.1455800},
 publisher = {ACM},
 address = {New York, NY, USA},
 }

ABSTRACT

Correct enforcement of authorization policies is a difficult task,
especially for multi-threaded software. Even in carefully-reviewed
code, unauthorized access may be possible in subtle corner cases.  We
introduce Transactional Memory Introspection (TMI), a novel reference
monitor architecture that builds on Software Transactional Memory -- a
new, attractive alternative for writing correct, multi-threaded
software.

TMI facilitates correct security enforcement by simplifying how the
reference monitor integrates with software functionality. TMI can
ensure complete mediation of security-relevant operations, eliminate
race conditions related to security checks, and simplify handling of
authorization failures. We present the design and implementation of a
TMI-based reference monitor and experiment with its use in enforcing
authorization policies on four significant servers.  Our experiments
confirm the benefits of the TMI architecture and show that it imposes
an acceptable runtime overhead.