Abstract
Runtime enforcement is a common mechanism for ensuring that program executions adhere to constraints specified by a security policy. It is based on two simple ideas: the enforcement mechanism should leave good executions without changes and make sure that the bad ones got amended. From the theory side, a number of papers [6,10,12] provide the precise characterization of good executions that can be captured by a security policy and thus enforced by a specific mechanism. Unfortunately, those theories do not distinguish what happens when an execution is actually bad (the practical case). The theory only says that the outcome of enforcement mechanism should be “good” but not how far should the bad execution be changed.
If we consider a real-life example of a drug dispensation process in a hospital the notion of security automata or even edit automata would stop all requests by all doctors on all drugs and all dispensation protocols, as soon as a doctor forgot to insert the research protocol number.
In this paper we explore a set of policies called iterative properties that revises the notion of good traces in terms of repeated iterations. We start discussing how an enforcement mechanism can actually deal with bad executions (and not just only the good ones).
Research partly supported by the Project EU-FP7-IP-MASTER.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alpern, B., Schneider, F.B.: Defining liveness. Inform. Processing Letters 21(4), 181–185 (1985)
Bauer, L., Ligatti, J., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. Int. J. of Inform. Sec. 4(1-2), 2–16 (2005)
Bielova, N., Massacci, F.: Do you really mean what you actually enforced? In: Proc. of the FAST 2009 workshop, vol. 5491, pp. 287–301. Springer, Heidelberg (2008)
Erlingsson, U.: The Inlined Reference Monitor Approach to Security Policy Enforcement. Technical report 2003-1916, Department of Computer Science, Cornell University (2003)
Fong, P.W.L.: Access control by tracking shallow execution history. In: Proc. of Symp. on Sec. and Privacy, pp. 43–55. IEEE, Los Alamitos (2004)
Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. TOPLAS 28(1), 175–205 (2006)
Hamlen, K.W., Morrisett, G., Schneider, F.B.: Certified in-lined reference monitoring on .net. In: Proc. of the workshop on Prog. Lang. and analysis for security (PLAS 2006), pp. 7–16. ACM Press, New York (2006)
Lamport, L.: Proving the correctness of multiprocess programs. TSE SE-3(2), 125–143 (1977)
Ligatti, J.: Policy Enforcement via Program Monitoring. PhD thesis, Princeton University (2006)
Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Transactions on Inf. and Sys. Sec. (TISSEC) 12(3), 1–41 (2009)
Schneider, F.B.: Enforceable security policies. ACM Transactions on Inf. and Sys. Sec. (TISSEC) 3(1), 30–50 (2000)
Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. Inform. and Comp. 206(2-4), 158–184 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bielova, N., Massacci, F., Micheletti, A. (2009). Towards Practical Enforcement Theories. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds) Identity and Privacy in the Internet Age. NordSec 2009. Lecture Notes in Computer Science, vol 5838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04766-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-04766-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04765-7
Online ISBN: 978-3-642-04766-4
eBook Packages: Computer ScienceComputer Science (R0)