Monitoring Security Policies with Metric First-order Temporal Logic

被引:31
作者
Basin, David [1 ]
Klaedtke, Felix [1 ]
Mueller, Samuel [1 ]
机构
[1] Swiss Fed Inst Technol, Zurich, Switzerland
来源
SACMAT 2010: PROCEEDINGS OF THE 15TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2010年
关键词
Temporal Logic; Monitoring; Security Policies; Access Control; Separation of Duty; Compliance; Usage Control; REAL-TIME; CHECKING; CONSTRAINTS; INTEGRITY; MODELS;
D O I
10.1145/1809842.1809849
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.
引用
收藏
页码:23 / 33
页数:11
相关论文
共 35 条
  • [1] Abiteboul S., 1994, FDN DATABASES LOGICA, V1st
  • [2] DEFINING LIVENESS
    ALPERN, B
    SCHNEIDER, FB
    [J]. INFORMATION PROCESSING LETTERS, 1985, 21 (04) : 181 - 185
  • [3] ALUR R, 1992, LECT NOTES COMPUT SC, V600, P74, DOI 10.1007/BFb0031988
  • [4] [Anonymous], 2006, Simulation modeling and analysis
  • [5] [Anonymous], 2008, P 28 IARCS C FDN SOF, DOI [DOI 10.4230/LIPICS.FSTTCS.2008.1740, 10.4230/LIPIcs.FSTTCS.2008.1740]
  • [6] Barringer H, 2004, LECT NOTES COMPUT SC, V2937, P44
  • [7] Privacy and contextual integrity: Framework and applications
    Barth, Adam
    Datta, Anupam
    Mitchell, John C.
    Nissenbaum, Helen
    [J]. 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2006, : 184 - +
  • [8] Bauer A, 2006, LECT NOTES COMPUT SC, V4337, P260
  • [9] An access control model supporting periodicity constraints and temporal reasoning
    Bertino, E
    Bettini, C
    Ferrari, E
    Samarati, P
    [J]. ACM TRANSACTIONS ON DATABASE SYSTEMS, 1998, 23 (03): : 231 - 285
  • [10] Provisions and Obligations in Policy Rule Management
    Claudio Bettini
    Sushil Jajodia
    X. Sean Wang
    Duminda Wijesekera
    [J]. Journal of Network and Systems Management, 2003, 11 (3) : 351 - 372
1234