Cost-Aware Runtime Enforcement of Security Policies

نویسندگان

  • Peter Drábik
  • Fabio Martinelli
  • Charles Morisset
چکیده

In runtime enforcement of security policies, the classic requirements on monitors in order to enforce a security policy are soundness and transparency. However, there are many monitors that successfully pass this specification but they differ in complexity of both their implementation and the output they produce. In order to distinguish and compare these monitors we propose to associate cost with enforcement. We present a framework where the cost of enforcement of a trace is determined by the cost of operations the monitor uses to edit the trace. We explore cost-based order relations on sound monitors. We investigate cost-optimality of monitors which allows considering the most costefficient monitors that soundly enforce a property.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Survey of Runtime Policy Enforcement Techniques and Implementations

Runtime techniques bring new promises of accuracy and flexibility in enforcing security policies. While static security enforcement was previously studied and classified, this work is the first to survey the state of the art on runtime security enforcement. Our purpose is to encourage a better understanding of limitations and advantages of enforcement techniques and their implementations. We cl...

متن کامل

A Theory of Runtime Enforcement, with Results

This paper presents a theory of runtime enforcement based on mechanism models called MRAs (Mandatory Results Automata). MRAs can monitor and transform security-relevant actions and their results. Because previous work could not model monitors transforming results, MRAs capture realistic behaviors outside the scope of previous models. MRAs also have a simple but realistic operational semantics t...

متن کامل

Using Equivalence Relations for Corrective Enforcement of Security Policies

In this study, we present a new framework of runtime enforcement of security policies. Building on previous studies, we examine the enforcement power of monitors capable of transforming their target’s execution. We bound this ability by a restriction stating that any transformation must preserve equivalence between the monitor’s input and output. We proceed by giving examples of meaningful equi...

متن کامل

Which security policies are enforceable by runtime monitors? A survey

Runtime monitoring is a widely used approach to ensure code safety. Several implementations of formal monitors have been proposed in the literature, and these differ with respect to the set of security policies that they are capable of enforcing. In this survey, we examine the evolution of knowledge regarding the issue of precisely which security policies monitors are capable of enforcing. We i...

متن کامل

Enhancing Cloud Security with Context-aware Usage Control Policies

Cloud environments strongly rely on virtualization infrastructure that provides virtual resources by abstracting from the physical hardware. Thus, cloud providers can cost-efficiently share physical hardware among multiple tenants, and a single virtual resource may span multiple physical resources at different geo-locations. From a tenant’s perspective, the uncertainty about location and contex...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012