Edit automata: Enforcement mechanisms for run-time security policies

Cited by: 0
Authors
Ligatti J. [1]
Bauer L. [2]
Walker D. [1]
Affiliations
[1] Princeton University, Princeton, NJ
[2] Carnegie Mellon University, Pittsburgh, PA
Funding
National Science Foundation (USA)
Keywords
Classification of security policies; Language-based security; Run-time checking and monitoring; Security automata
DOI
10.1007/s10207-004-0046-8
Abstract
We analyze the space of security policies that can be enforced by monitoring and modifying programs at run time. Our program monitors, called edit automata, are abstract machines that examine the sequence of application program actions and transform the sequence when it deviates from a specified policy. Edit automata have a rich set of transformational powers: they may terminate an application, thereby truncating the program action stream; they may suppress undesired or dangerous actions without necessarily terminating the program; and they may also insert additional actions into the event stream. After providing a formal definition of edit automata, we develop a rigorous framework for reasoning about them and their cousins: truncation automata (which can only terminate applications), suppression automata (which can terminate applications and suppress individual actions), and insertion automata (which can terminate and insert). We give a set-theoretic characterization of the policies each sort of automaton can enforce, and we provide examples of policies that can be enforced by one sort of automaton but not another. © Springer-Verlag 2004.
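The three transformational powers the abstract describes, as an added Python example (constructed here; not code from the paper or its authors). The policy, the untrusted action stream and the action names (`take:<item>`, `pay`, `send`) are all assumptions for illustration: the policy requires that no take reach the system before a pay. The same violating stream is run through a truncation automaton, a suppression automaton, and a full edit automaton that suppresses the early takes and re-inserts them once the program pays:

```python
"""Edit automata over a stream of program actions (constructed example).

A monitor is a step function: step(state, action) -> (new_state, emitted),
where `emitted` is the list of actions passed on to the system, or None to
terminate the application (truncation).  Emitting [] suppresses the action;
emitting more than one action inserts actions into the stream.
"""

HALT = None  # returned by a step function to truncate the stream


def run_monitor(step, initial_state, actions):
    """Feed `actions` through the monitor; return (emitted_trace, halted)."""
    state, emitted = initial_state, []
    for action in actions:
        result = step(state, action)
        if result is HALT:
            return emitted, True          # application terminated here
        state, out = result
        emitted.extend(out)
    return emitted, False


# --- Constructed policy: no "take:<item>" may reach the system before "pay".
def is_take(action):
    return action.startswith("take:")


def satisfies_policy(trace):
    """Policy predicate on a finished trace (used to check the monitors)."""
    paid = False
    for action in trace:
        if is_take(action) and not paid:
            return False
        paid = paid or action == "pay"
    return True


# Truncation automaton: its only remedy is to stop the program.
def truncation_step(paid, action):
    if is_take(action) and not paid:
        return HALT
    return (paid or action == "pay"), [action]


# Suppression automaton: drop the offending action, keep the program running.
def suppression_step(paid, action):
    if is_take(action) and not paid:
        return paid, []
    return (paid or action == "pay"), [action]


# Edit automaton: suppress early takes, remember them, and insert them back
# into the stream once the program pays.  State is (paid, held_takes).
def edit_step(state, action):
    paid, held = state
    if is_take(action) and not paid:
        return (paid, held + [action]), []             # suppress, remember
    if action == "pay" and not paid:
        return (True, []), [action] + held              # emit pay, re-insert
    return (paid, held), [action]


MONITORS = {
    "truncation": (truncation_step, False),
    "suppression": (suppression_step, False),
    "edit": (edit_step, (False, [])),
}


def enforce(kind, actions):
    """Run the named monitor over an action stream; returns (trace, halted)."""
    step, init = MONITORS[kind]
    return run_monitor(step, init, list(actions))


if __name__ == "__main__":
    # Constructed action stream from an untrusted program: it takes two
    # items before paying, then sends a receipt.
    stream = ["take:apple", "take:pear", "pay", "send"]
    for kind in MONITORS:
        trace, halted = enforce(kind, stream)
        print(f"{kind:12} halted={halted!s:5} trace={trace}")
```

Every monitor's output satisfies the policy, but only the edit automaton delivers the program's intended actions once the program complies: the truncation automaton kills a program that was about to pay, and the suppression automaton silently loses the takes. A program that never pays has its held takes withheld forever rather than being terminated, which is the kind of difference between the automaton classes that the paper's set-theoretic characterization makes precise.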
Pages: 2-16
Page count: 14