Conference Paper
Enforcing Nonsafety Security Policies with Program Monitors.
DOI: 10.1007/11555827_21 Conference: Computer Security  ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 1214, 2005, Proceedings
Source: DBLP

Technical Report: Model Development Environment for Guaranteed Information Assurance in NetcentricCompliant Information Systems
[Show abstract] [Hide abstract]
ABSTRACT: The aim of this project is to develop a feasible design for a Model Development Environment that supports the development of netcentric systems with guarantees of userspecified safety and information assurance policies. This paper focuses on (1) a policy language for expressing system safety and information assurance constraints, (2) analysis mechanisms for detecting policy applicability in a model, and (3) enforcement mechanisms and associated assurance arguments and evidence. An overarching objective is to lower the cost of producing certified software that is ready for service in a SOA. This entails lowering the cost of initial certification and the cost of recertification after modifications.  [Show abstract] [Hide abstract]
ABSTRACT: Edit automata have been introduced by J.Ligatti et al. as a model for security enforcement mechanisms which work at run time. In a distributed interacting system, they play a role of a monitor that runs in parallel with a target program and transforms its execution sequence into a sequence that obeys the security property. In this paper, we characterize security properties which are enforceable by finite edit automata (i.e. edit automata with a finite set of states) and deterministic contextfree edit automata (i.e. finite edit automata extended with a stack). We prove that the properties enforceable by finite edit automata are a subclass of regular sets. Moreover, given a regular set $P$ , one can decide in time $O(n^2)$ , whether $P$ is enforceable by a finite edit automaton (where $n$ is the number of states of the finite automaton recognizing $P$ ) and we give an algorithm to synthesize the controller. Moreover, we prove that safety policies are always enforced by a deterministic contextfree edit automaton. We also prove that it is possible to check if a policy is a safety policy in $O(n^4)$ . Finally, we give a topological condition on the deterministic automaton expressing a regular policy enforceable by a deterministic contextfree edit automaton.International Journal of Information Security 08/2013; 12(4). · 0.48 Impact Factor  [Show abstract] [Hide abstract]
ABSTRACT: Runtime enforcement is a common mechanism for ensuring that program executions adhere to constraints specified by a security policy. It is based on two simple ideas: the enforcement mechanism should leave good executions without changes transparency and make sure that the bad ones got amended soundness. From the theory side, a number of papers Hamlen et al., Ligatti et al., Talhi et al. provide the precise characterization of good executions that can be captured by a security policy and thus enforced by mechanisms like security automata or edit automata.Unfortunately, transparency and soundness do not distinguish what happens when an execution is actually bad the practical case. They only tell that the outcome of enforcement mechanism should be “good” but not how far the bad execution should be changed. So we cannot formally distinguish between an enforcement mechanism that makes a small change and one that drops the whole execution.In this paper we explore a set of policies called iterative properties that revises the notion of good executions in terms of repeated iterations. We propose an enforcement mechanism that can deal with bad executions and not only the good ones in a more predictable way by eliminating bad iterations.Journal of Computer Security. 01/2012; 20(1):5179.
Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.