Security Policies Enforcement Using Finite Edit Automata
نویسندگان
چکیده
منابع مشابه
Using Edit Automata for Rewriting-Based Security Enforcement
Execution monitoring (EM) is a widely adopted class of security mechanisms. EM-enforceable security properties are usually characterized by security automata and their derivatives. However Edit automata (EA) have been recently proposed to specify more powerful EMs. Being able to feign the execution of sensitive program actions, these EMs are supposed to enforce more security properties. However...
متن کاملAutomata : Enforcement Mechanisms for Run - time Security Policies ?
We analyze the space of security policies that can be enforced by monitoring and modifying programs at run time. Our program monitors, called edit automata, are abstract machines that examine the sequence of application program actions and transform the sequence when it deviates from a specified policy. Edit automata have a rich set of transformational powers: They may terminate the application...
متن کاملCorrective Enforcement of Security Policies
Monitoring is a powerful security policy enforcement paradigm that allows the execution of a potentially malicious software by observing and transforming it, thus ensuring its compliance with a user-defined security policy. Yet some restrictions must be imposed on the monitor’s ability to transform sequences, so that key elements of the execution’s semantics are preserved. An approximation of t...
متن کاملDynamic Enforcement of Knowledge-based Security Policies using Abstract Interpretation
This paper explores the idea of knowledge-based security policies, which are used to decide whether to answer queries over secret data based on an estimation of the querier’s (possibly increased) knowledge given the results. Limiting knowledge is the goal of existing information release policies that employ mechanisms such as noising, anonymization, and redaction. Knowledge-based policies are m...
متن کاملUsing Equivalence Relations for Corrective Enforcement of Security Policies
In this study, we present a new framework of runtime enforcement of security policies. Building on previous studies, we examine the enforcement power of monitors capable of transforming their target’s execution. We bound this ability by a restriction stating that any transformation must preserve equivalence between the monitor’s input and output. We proceed by giving examples of meaningful equi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Electronic Notes in Theoretical Computer Science
سال: 2009
ISSN: 1571-0661
DOI: 10.1016/j.entcs.2009.06.037