Predictability of Enforcement

  • Nataliia Bielova
  • Fabio Massacci
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)


The current theory of runtime enforcement is based on two properties for evaluating an enforcement mechanism: soundness and transparency. Soundness defines that the output is always good (“no bad traces slip out”) and transparency defines that good input is not changed (“no surprises on good traces”). However, in practical applications it is also important to specify how bad traces are fixed so that the system exhibits a reasonable behavior. We propose a new notion of predictability which can be defined in the same spirit of continuity in real-functions calculus. It defines that there are “no surprises on bad input”. We discuss this idea based on the feedback of an industrial case study on e-Health.


Security Policy; Enforcement Mechanism; Levenshtein Distance; Policy Decision Point; Industrial Case Study
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Nataliia Bielova (1)
  • Fabio Massacci (1)
  1. University of Trento, Italy
