nach oben

International Journal of Information Security

Erschienen in:

01.02.2015 | Regular Contribution

Modeling runtime enforcement with mandatory results automata

verfasst von: Egor Dolzhenko, Jay Ligatti, Srikar Reddy

Erschienen in: International Journal of Information Security | Ausgabe 1/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper presents a theory of runtime enforcement based on mechanism models called mandatory results automata (MRAs). MRAs can monitor and transform security-relevant actions and their results. The operational semantics of MRAs is simple and enables straightforward definitions of concrete MRAs. Moreover, the definitions of policies and enforcement with MRAs are simple and expressive. Putting all of these features together, we argue that MRAs make good general models of runtime mechanisms, upon which a theory of runtime enforcement can be based. We develop some enforceability theory by characterizing the policies deterministic and non-deterministic MRAs can and cannot enforce.

Vorheriger Artikel Routing management for performance and security tradeoff in wireless mesh networks

Nächster Artikel A multiresolution approach for optimal defense against random attacks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Aktug, I., Dam, M., Gurov, D.: Provably correct runtime monitoring. In: Proceedings of the 15th International Symposium on Formal Methods, May 2008

Alpern, B., Schneider, F.B.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (Oct. 1985)

Basin, D., Jugé, V., Klaedtke, F., Zălinescu, E.: Enforceable security policies revisited. ACM Trans. Inf. Syst. Secur. 16(1) 3:1–3:26 (2013)

Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (2005)

Bauer, L., Ligatti, J., Walker, D.: Composing expressive runtime security policies. ACM Trans. Softw. Eng. Methodol. 18(3), 1–43 (2009)CrossRef

Beauquier, D., Cohen, J., Lanotte, R.: Security policies enforcement using finite edit automata. Electron. Notes Theor. Comput. Sci. 229(3), 19–35 (2009)CrossRefMathSciNet

Bielova, N., Massacci, F.: Predictability of enforcement. In: Proceedings of the International Symposium on Engineering Secure Software and Systems, vol. 6542, pp. 73–86. Springer (2011)

Bielova, N., Massacci, F.: Iterative enforcement by suppression: towards practical enforcement theories. J. Comput. Secur. 20(1), 51–79 (2012)

Biskup, J.: Security in Computing Systems: Challenges, Approaches and Solutions. Springer, Berlin (2009)

10.

Dam, M., Jacobs, B., Lundblad, A., Piessens, F.: Security monitor inlining for multithreaded java. In: Proceedings of the European Conference on Object-Oriented Programming (ECOOP), July 2009

11.

Devriese, D., Piessens, F.: Non-interference through secure multi-execution. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 109–124, May 2010

12.

Erlingsson, Ú.: The inlined reference monitor approach to security policy enforcement. Ph.D. thesis, Cornell University, Jan. 2004

13.

Finnis, J., Saigal, N., Iamnitchi, A., Ligatti, J.: A location-based policy-specification language for mobile devices. Pervasive Mob. Comput. J. 8(3), 402–414 (June 2012)

14.

Fong, P.W.L.: Access control by tracking shallow execution history. In: Proceedings of the IEEE Symposium on Security and Privacy, May 2004

15.

Hamlen, K., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Progr. Lang. Syst. 28(1), 175–205 (Jan. 2006)

16.

Khoury, R., Tawbi, N.: Corrective enforcement of security policies. In: Pierpaolo, D., Sandro, E., Joshua, G.(eds.) Formal Aspects of Security and Trust, Lecture Notes in Computer Science, vol. 6561, pp. 176–190. Springer Berlin, Heidelberg (2011). doi:10.1007/978-3-64219751-2_12

17.

Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.: An overview of AspectJ. In: European Conference on Object-oriented Programming. Springer (2001)

18.

Kim, M., Kannan, S., Lee, I., Sokolsky, O., Viswantathan M.: Computational analysis of run-time monitoring: fundamentals of Java-MaC Electron. Notes Theor. Comput. Sci. 70(4), 80–94 (2002). doi:10.1016/S1571-0661(04)80578-4

19.

Lamport, L.: Logical foundation. In: Lecture Notes in Computer Science, vol. 190, pp. 119–130 (1985)

20.

Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 1–41 (Jan. 2009)

21.

Ligatti, J., Reddy, S.: A theory of runtime enforcement, with results. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), Sept. 2010

22.

Pretschner, A., Buechler, M., Harvan, M., Schaefer, C., Walter, T.: Usage control enforcement with data flow tracking for x11. In: Proceedings of 5th International Workshop on Security and Trust Management, pp. 124–137 (2009)

23.

Pretschner, A., Hilty, M., Basin, D., Schaefer, C., Walter, T.: Mechanisms for usage control. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (2008)

24.

Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRef

25.

Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. Inf. Comput. 206(2–4), 158–184 (2008)CrossRefMATHMathSciNet

26.

Viswanathan, M.: Foundations for the run-time analysis of software systems. Ph.D. thesis, University of Pennsylvania (2000)

27.

Yu, D., Chander, A., Islam, N., Serikov, I.: Javascript instrumentation for browser security. In: Proceedings of the Symposium on Principles of Programming Languages, pp. 237–249 (2007)

Titel: Modeling runtime enforcement with mandatory results automata
verfasst von: Egor Dolzhenko
Jay Ligatti
Srikar Reddy
Publikationsdatum: 01.02.2015
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 1/2015
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-014-0239-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2015

Routing management for performance and security tradeoff in wireless mesh networks

Implementing public-key cryptography on passive RFID tags is practical

The MALICIA dataset: identification and analysis of drive-by download operations

Malware analysis using visualized images and entropy graphs

Information-theoretically secure oblivious polynomial evaluation in the commodity-based model

A multiresolution approach for optimal defense against random attacks