Cost-Aware Runtime Enforcement of Security Policies

Drábik, Peter; Martinelli, Fabio; Morisset, Charles

doi:10.1007/978-3-642-38004-4_1

Peter Drábik¹⁹,
Fabio Martinelli¹⁹ &
Charles Morisset¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7783))

Included in the following conference series:

International Workshop on Security and Trust Management

822 Accesses
10 Citations

Abstract

In runtime enforcement of security policies, the classic requirements on monitors in order to enforce a security policy are soundness and transparency. However, there are many monitors that successfully pass this specification but they differ in complexity of both their implementation and the output they produce. In order to distinguish and compare these monitors we propose to associate cost with enforcement.

We present a framework where the cost of enforcement of a trace is determined by the cost of operations the monitor uses to edit the trace. We explore cost-based order relations on sound monitors. We investigate cost-optimality of monitors which allows considering the most cost-efficient monitors that soundly enforce a property.

This research was supported by the EU FP7-ICT project NESSoS under the grant agreement n. 256980.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1-2), 2–16 (2005)
Article Google Scholar
Bielova, N., Massacci, F.: Predictability of enforcement. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 73–86. Springer, Heidelberg (2011)
Chapter Google Scholar
Ligatti, J., Reddy, S.: A theory of runtime enforcement, with results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)
Chapter Google Scholar
Bielova, N., Massacci, F.: Do you really mean what you actually enforced? IJIS, 1–16 (2011)
Google Scholar
Alpern, B., Schneider, F.B.: Recognizing safety and liveness. Distributed Computing 2(3), 117–126 (1987)
Article MATH Google Scholar
Lamport, L.: Proving the correctness of multiprocess programs. IEEE Trans. Software Eng. 3(2), 125–143 (1977)
Article MathSciNet MATH Google Scholar
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 30–50 (2000)
Article Google Scholar
Basin, D., Jugé, V., Klaedtke, F., Zălinescu, E.: Enforceable security policies revisited. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 309–328. Springer, Heidelberg (2012)
Chapter Google Scholar
Drábik, P., Martinelli, F., Morisset, C.: Cost-aware runtime enforcement of security policies. Technical Report TR-11-2012, IIT-CNR (2012)
Google Scholar
Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Transactions on Information and System Security 12(3), 1–41 (2009)
Article Google Scholar
Fong, P.W.L.: Access control by tracking shallow execution history. In: IEEE Symposium on Security and Privacy, pp. 43–55. IEEE Computer Society (2004)
Google Scholar
Khoury, R., Tawbi, N.: Which security policies are enforceable by runtime monitors? a survey. Computer Science Review 6(1), 27–45 (2012)
Article Google Scholar
Khoury, R., Tawbi, N.: Using equivalence relations for corrective enforcement of security policies. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2010. LNCS, vol. 6258, pp. 139–154. Springer, Heidelberg (2010)
Chapter Google Scholar
Martinelli, F., Morisset, C.: Quantitative access control with partially-observable Markov decision processes. In: Proceedings of CODASPY 2012, pp. 169–180. ACM (2012)
Google Scholar
Martinelli, F., Matteucci, I., Morisset, C.: From qualitative to quantitative enforcement of security policy. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 22–35. Springer, Heidelberg (2012)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Security Group, IIT-CNR, Via Giuseppe Moruzzi 1, 56124, Pisa, Italy
Peter Drábik, Fabio Martinelli & Charles Morisset

Authors

Peter Drábik
View author publications
You can also search for this author in PubMed Google Scholar
Fabio Martinelli
View author publications
You can also search for this author in PubMed Google Scholar
Charles Morisset
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Informatics, University of Oslo, P.O.Box 1080, 0316, Blindern, Oslo, Norway
Audun Jøsang
Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, CR, Italy
Pierangela Samarati
National Research Center(CNR), Institute of Informatics and Telematics(IIT), Via G. Moruzzi, 1, 56124, Pisa, Italy
Marinella Petrocchi

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Drábik, P., Martinelli, F., Morisset, C. (2013). Cost-Aware Runtime Enforcement of Security Policies. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-38004-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38003-7
Online ISBN: 978-3-642-38004-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics