Automatic Enforcement of Security Properties
نویسندگان
چکیده
Ensuring the security requirements of an application is not a straightforward task. Security properties (e.g., confidentiality, anonymity) need to be satisfied in different ways in different parts of the same application. Software architects are usually required to manually define security components and their dependencies with the base application, customize them to the application’s requirements, identify the points where security is incorporated, and verify that the selected places are correct. The last two steps are especially complex and errorprone. In our approach, we aim to provide a solution that helps software architects to identify the correct places to incorporate the security functionality and to verify the correctness of the composed application architecture. This is achieved by identifying a set of general structural patterns for incorporating security into the application architecture, and by providing a model-driven SPL solution to customize these patterns to each application’s requirements.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملUsing Edit Automata for Rewriting-Based Security Enforcement
Execution monitoring (EM) is a widely adopted class of security mechanisms. EM-enforceable security properties are usually characterized by security automata and their derivatives. However Edit automata (EA) have been recently proposed to specify more powerful EMs. Being able to feign the execution of sensitive program actions, these EMs are supposed to enforce more security properties. However...
متن کاملFormalization of Security Properties: Enforcement for MAC Operating Systems and Verification of Dynamic MAC Policies
Enforcement of security properties by Operating Systems is an open problem. To the best of our knowledge, the solution presented in this paper is the first one that enables a wide range of integrity and confidentiality properties to be enforced. A unified formalization is proposed for the major properties of the literature and new ones are defined using a Security Property Language. Complex and...
متن کاملSynthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties
Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous works on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progr...
متن کاملSecurity properties in an open peer-to-peer network
This paper proposes to address new requirements of confidentiality, integrity and availability properties fitting to peer-to-peer domains of resources. The enforcement of security properties in an open peer-topeer network remains an open problem as the literature have mainly proposed contribution on availability of resources and anonymity of users. That paper proposes a novel architecture that ...
متن کاملApplication - Oriented Security Policies and theirCompositionVirgil
We deene the notion of the application-oriented security policy and suggest that it diiers from that of a system-level, global security policy. We view a policy as a conjunction of security properties and argue that these properties are not always independent and, hence, cannot be analyzed (e.g., composed) individually. We also argue that some necessary policy properties fall outside of the Alp...
متن کامل