Abstract
Upon finding violations of the given security policies, most runtime policy enforcement systems forcibly and suddenly terminate applications. We propose a new technique for disabling application features in advance that might violate the security policies. Our enforcement mechanism uses both static analysis and dynamic checking techniques, and disables violating functions by unplugging modules and by disabling buttons or menu items. We implemented a prototype policy enforcement system by modifying the Eclipse IDE.
