Edit automata: Enforcement mechanisms for run-time security policies

Jay Ligatti, Lujo Bauer, David Walker

Research output: Contribution to journalArticlepeer-review

273 Scopus citations


We analyze the space of security policies that can be enforced by monitoring and modifying programs at run time. Our program monitors, called edit automata, are abstract machines that examine the sequence of application program actions and transform the sequence when it deviates from a specified policy. Edit automata have a rich set of transformational powers: they may terminate an application, thereby truncating the program action stream; they may suppress undesired or dangerous actions without necessarily terminating the program; and they may also insert additional actions into the event stream. After providing a formal definition of edit automata, we develop a rigorous framework for reasoning about them and their cousins: truncation automata (which can only terminate applications), suppression automata (which can terminate applications and suppress individual actions), and insertion automata (which can terminate and insert). We give a set-theoretic characterization of the policies each sort of automaton can enforce, and we provide examples of policies that can be enforced by one sort of automaton but not another.

Original languageEnglish (US)
Pages (from-to)2-16
Number of pages15
JournalInternational Journal of Information Security
Issue number1-2
StatePublished - Feb 2005

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


  • Classification of security policies
  • Language-based security
  • Run-time checking and monitoring
  • Security automata


Dive into the research topics of 'Edit automata: Enforcement mechanisms for run-time security policies'. Together they form a unique fingerprint.

Cite this