Using Equivalence Relations for Corrective Enforcement of Security Policies

被引:0
|
作者
Khoury, Raphael [1 ]
Tawbi, Nadia [1 ]
机构
[1] Univ Laval, Dept Comp Sci & Software Engn, Quebec City, PQ G1V 0A6, Canada
来源
COMPUTER NETWORK SECURITY | 2010年 / 6258卷
关键词
Monitoring; Security Policy Enforcement; Program Transformation; inlined reference monitors;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this paper, we present a new framework of runtime security policy enforcement Building on previous studies, we examine the enforcement power of monitors able to transform their target's execution, rather than simply accepting it if it is valid, or aborting it otherwise We bound this ability by a restriction stating that any transformation must preserve equivalence between the monitor's input and output We proceed by giving examples of meaningful equivalence relations and identify the security policies that are enforceable with their use We also relate our work to previous findings in this field Finally, we investigate how an a priori knowledge of the target program's behavior would increase the monitor's enforcement power
引用
收藏
页码:139 / 154
页数:16
相关论文
共 50 条
  • [1] Corrective Enforcement of Security Policies
    Khoury, Raphael
    Tawbi, Nadia
    [J]. FORMAL ASPECTS OF SECURITY AND TRUST, 2011, 6561 : 176 - 190
  • [2] Equivalence-preserving corrective enforcement of security properties
    Khoury, Raphaël
    Tawbi, Nadia
    [J]. International Journal of Information and Computer Security, 2015, 7 (2-4) : 113 - 139
  • [3] Security Aspects: A Framework for Enforcement of Security Policies using AOP
    Ayed, Samiha
    Idrees, Muhammad Sabir
    Cuppens-Boulahia, Nora
    Cuppens, Frederic
    Pinto, Monica
    Fuentes, Lidia
    [J]. 2013 INTERNATIONAL CONFERENCE ON SIGNAL-IMAGE TECHNOLOGY & INTERNET-BASED SYSTEMS (SITIS), 2013, : 301 - 308
  • [4] Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors
    Khoury, Raphael
    Tawbi, Nadia
    [J]. ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2012, 15 (02)
  • [5] Security Policies Enforcement Using Finite Edit Automata
    Beauquier, Daniele
    Cohen, Joelle
    Lanotte, Ruggero
    [J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2009, 229 (03) : 19 - 35
  • [6] Dynamic Security Policies Enforcement and Adaptation using Aspects
    Idrees, Muhammad Sabir
    Ayed, Samiha
    Cuppens-Boulahia, Nora
    Cuppens, Frederic
    [J]. 2015 IEEE TRUSTCOM/BIGDATASE/ISPA, VOL 1, 2015, : 1374 - 1379
  • [7] Achieving dynamicity in security policies enforcement using aspects
    Ayed, Samiha
    Idrees, Muhammad Sabir
    Cuppens, Nora
    Cuppens, Frederic
    [J]. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2018, 17 (01) : 83 - 103
  • [8] Automatic Enforcement of Expressive Security Policies using Enclaves
    Gollamudi, Anitha
    Chong, Stephen
    [J]. ACM SIGPLAN NOTICES, 2016, 51 (10) : 494 - 513
  • [9] Achieving dynamicity in security policies enforcement using aspects
    Samiha Ayed
    Muhammad Sabir Idrees
    Nora Cuppens
    Frederic Cuppens
    [J]. International Journal of Information Security, 2018, 17 : 83 - 103
  • [10] ENFORCEMENT OF SECURITY POLICIES FOR COMPUTATION
    JONES, AK
    LIPTON, RJ
    [J]. JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 1978, 17 (01) : 35 - 55
12345