This repository contains the source code of DynCoVer, a prototype tool devoloped for the paper:
Dynamic Policies Revisited, Amir M. Ahmadian and Musard Balliu, IEEE European Symposium on Security and Privacy (Euro S&P), 2022.
DynCoVer is a prototype tool based on ENCoVer and JavaPathFinder. DynCoVer can be used to verify security in the presence of dynamic policies, perform policy consistency checks, and generate consistent policies.
-
DynCoVer requires Z3. You can manually install Z3 for your platform and make sure that Z3 is in your path. DynCoVer is known to work with Z3 version 4.8; it may or may not work with more recent versions.
-
You may also need to install ant. Test: running
ant -versionin a terminal should returnApache Ant version 1.7.1 compiled on September 8 2010or something similar. -
Clone the repo, or download it as a ZIP file.
-
Enter the jpf-dyncover directory
Command:
cd jpf-dyncover. -
Run the
compiletask.Command:
ant compile.
-
In the examples directory, we provide two use cases: A benchmark and a social network.
-
Each use case has a configuration file called
conf_tests.txt. The information in this file is used by DynCoVer, and it defines among other things:- The method which is going to be executed symbolically by jpf
- The methods observable by the attacker (e.g. print)
- The type of attacker (e.g. perfect, bounded, forgetful)
- The capacity of the bounded attacker's memory (e.g. bounded,1)
- The method used to deal with inconsistent policies (e.g. reject or repair).
-
Compile the examples.
Command:
ant examples -
Enter the build/examples directory.
Command:
cd build/examples -
Generate configuration files of a set of examples (e.g. Benchmarks).
Command:
bash bin/generateTestConfFiles.sh Benchmarks. -
Return to the main directory.
Command:
cd ../.. -
Run the example (e.g. Program 1 in the Benchmarks).
Command:
bash ./bin/dyncover.sh ./build/examples/testConf_encover.tests.Benchmarks_program1_perfect_reject.jpf -
Look at the results.
Command:
less ./output.out.