LocUsT: a tool for checking usage policies
Abstract
We introduce LocUsT, a tool to statically check whether a given resource usage complies with a local policy. LocUsT takes as input an abstraction of the behaviour of a program, called a usage. Usages are expressed in a simple process calculus, and over-approximate all the resource accesses of the program itself. As additional input, LocUsT takes a policy that defines the allowed resource access patterns, represented through a finite state automaton parametrized over resources. Finally, LocUsT decides whether some trace of the given usage violates some instantiation of the policy.
Similar resources
Model Checking Usage Policies
We propose a model for specifying, analysing and enforcing safe usage of resources. Our usage policies allow for parametricity over resources, and they can be enforced through finite state automata. The patterns of resource access and creation are described through a basic calculus of usages. In spite of the augmented flexibility given by resource creation and by policy parametri...
MONPOLY: Monitoring Usage-Control Policies
Determining whether the usage of sensitive, digitally stored data complies with regulations and policies is a growing concern for companies, administrations, and end users alike. Classical examples of policies used for protecting and preventing the misuse of data are history-based access-control policies like the Chinese-wall policy and separation-of-duty constraints. Other policies from more s...
An Audit Logic for Accountability (Extended
We describe a policy language and implement its associated proof checking system. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are...
Static Enforcement of Static Separation-of-Duty Policies in Usage Control Authorization Models
Separation-of-Duty (SoD) is a fundamental security principle for prevention of fraud and errors in computer security. It has been studied extensively in traditional access control models. However, the research of SoD policy in the recently proposed usage control (UCON) model has not been well studied. This paper formulates and studies the fundamental problem of static enforcement of static SoD ...
The Audit Logic Policy Compliance in Distributed Systems
We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead, policy compliance is checked using an a-posteriori auditing approach. Policy compliance is shown by a (logical) p...