A Quantitative Approach for Inexact Enforcement of Security Policies

Authors: Peter Drábik, Fabio Martinelli, Charles Morisset

DOI: 10.1007/978-3-642-33383-5_19

Abstract: A run-time enforcement mechanism is a program in charge of ensuring that all the traces of a system satisfy a given security policy. Following Schneider's seminal work, there have been several approaches defining what kind of policies can be automatically enforced, and in particular, non-safety properties cannot be correctly and transparently enforced. In this paper, we first propose to build an enforcement mechanism using an abstract notion of selector. We then quantify the inexact enforcement of a property by a mechanism, considering both the traces leading to a non-secure output and the secure traces not output, thus formalizing the intuitive security/usability tradeoff. Finally, we refine it when probabilistic and quantitative information is known about the traces. We illustrate the different concepts with a running example, representing a policy dealing with emergency situations.

References (25)
Charles Morisset, Fabio Martinelli, Peter Drábik, A Quantitative Approach for the Inexact Enforcement of Security Policies. Information Security - 15th International Conference, ISC 2012, Passau, Germany, September 19-21, 2012. Proceedings (2012)
David Basin, Vincent Jugé, Felix Klaedtke, Eugen Zălinescu, Enforceable security policies revisited. Principles of Security and Trust, pp. 309-328 (2012), 10.1007/978-3-642-28641-4_17
Leonard J. LaPadula, D. Elliott Bell, MITRE technical report 2547, volume II. Journal of Computer Security, vol. 4, pp. 239-263 (1996), 10.3233/JCS-1996-42-308
Fabio Massacci, Nataliia Bielova, Predictability of enforcement. International Conference on Engineering Secure Software and Systems, pp. 73-86 (2011), 10.5555/1946341.1946349
Claudio Agostino Ardagna, Sabrina De Capitani di Vimercati, Tyrone Grandison, Sushil Jajodia, Pierangela Samarati, Regulating Exceptions in Healthcare Using Policy Spaces. Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, pp. 254-267 (2008), 10.1007/978-3-540-70567-3_20
Vojtěch Forejt, Marta Kwiatkowska, Gethin Norman, David Parker, Automated Verification Techniques for Probabilistic Systems. Formal Methods, pp. 53-113 (2011), 10.1007/978-3-642-21455-4_3
Myrto Arapinis, Sergiu Bursuc, Mark D. Ryan, Reduction of equational theories for verification of trace equivalence: re-encryption, associativity and commutativity. Principles of Security and Trust, pp. 169-188 (2012), 10.1007/978-3-642-28641-4_10
Chamseddine Talhi, Nadia Tawbi, Mourad Debbabi, Execution monitoring enforcement under memory-limitation constraints. Information & Computation, vol. 206, pp. 158-184 (2008), 10.1016/J.IC.2007.07.009