AESOP—Automatic Enforcement of Security Policies

To address the threat of malicious third party software modules, ATC-NY, Professor Dexter Kozen, Cornell University, and Architecture Technology Corporation have prototyped AESOP. AESOP is a tool for analysis and instrumentation of untrusted code, supporting the enforcement of a user-defined security policy. AESOP automatically creates a browsable representation of the structure of a target program and the critical operations that may be performed by the program. The user may navigate this representation to attach runtime monitors to control these critical operations. AESOP then automatically produces a modified version of the target program that is guaranteed to satisfy a user-specified security or auditing policy.