Modeling runtime enforcement with mandatory results automata

Cited by: 36
Authors
Dolzhenko, Egor [1, 2]
Ligatti, Jay [1]
Reddy, Srikar [1]
Affiliations
[1] Univ S Florida, Dept Comp Sci & Engn, Tampa, FL 33620 USA
[2] Univ S Florida, Dept Math & Stat, Tampa, FL USA
Funding
National Science Foundation (USA);
Keywords
Enforceability theory; Monitoring; Runtime enforcement; Security automata; Models of enforcement;
DOI
10.1007/s10207-014-0239-8
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
This paper presents a theory of runtime enforcement based on mechanism models called mandatory results automata (MRAs). MRAs can monitor and transform security-relevant actions and their results. The operational semantics of MRAs is simple and enables straightforward definitions of concrete MRAs. Moreover, the definitions of policies and enforcement with MRAs are simple and expressive. Putting all of these features together, we argue that MRAs make good general models of runtime mechanisms, upon which a theory of runtime enforcement can be based. We develop some enforceability theory by characterizing the policies deterministic and non-deterministic MRAs can and cannot enforce.
Pages: 47-60
Number of pages: 14