Monitoring Security Policies with Metric First-order Temporal Logic

Cited by: 31
Authors
Basin, David [1]
Klaedtke, Felix [1]
Mueller, Samuel [1]
Affiliation
[1] Swiss Fed Inst Technol, Zurich, Switzerland
Source
SACMAT 2010: PROCEEDINGS OF THE 15TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2010
Keywords
Temporal Logic; Monitoring; Security Policies; Access Control; Separation of Duty; Compliance; Usage Control; REAL-TIME; CHECKING; CONSTRAINTS; INTEGRITY; MODELS;
DOI
10.1145/1809842.1809849
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.
Pages: 23-33
Number of pages: 11