How Powerful Are Run-Time Monitors with Static Information?

Characterizing the security policies enforceable by run-time monitors has received great attention in recent years. The research, however, has been limited to the monitors having no prior knowledge about possible behaviors of the program they monitor and to a specific class of policies known as properties. This paper takes a first step towards identifying the policies, which are enforceable by the run-time monitors statically provided with a possibly inaccurate approximation of the target's possible executions. We define a run-time monitor as taking such an approximation and deriving an automaton that transforms individual executions. To delineate the policies enforceable in this way, we redefine the paradigms of security policy enforcement so that they can be applied to all policies. In particular, we give new classes of effective and precise enforcement and study the policies enforceable in these paradigms.