On Quantitative Security Policies

We introduce a formal framework to specify and enforce quantitative security policies. The framework consists of: (i) a stochastic process calculus to express the measurable space of computations in terms of Continuous Time Markov Chains; (ii) a stochastic modal logic (a variant of CSL) to represent the bound constraints on execution speed; (iii) two enforcement mechanisms of our quantitative security policies: potential or actual. The potential enforcement computes the probability of policy violations, thus providing a sort of static evaluation of the policy. This supports the user to accept/discard a component when the probability of the security violation is below/above a suitable chosen threshold. The actual enforcement computes the deviation of the execution speed from the acceptable rate. This supports the run-time systems by driving the execution monitor to abort unsafe executions.