16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019, Abu Dhabi, United Arab Emirates, 3 - 07 November 2019, vol.2019-November
© 2019 IEEE.This paper surveys the area of in-lined reference monitors (IRMs), a language-based security enforcement technology that has gained much popularity in the recent past. IRMs enforce given security policies in target applications by inserting dynamic security guards into these applications; the guards check for impending policy violations at runtime. IRMs keep track of security state and can thus enforce rich, history-based policies. This survey discusses IRMs for a variety of programming languages, application execution platforms, and security policy specification languages. The survey also discusses the benefits and importance of adding IRM certification, and the technical and managerial challenges of employing IRMs.