Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

Mallios, Yannis; Bauer, Lujo; Kaynar, Dilsun; Ligatti, Jay

doi:10.1007/978-3-642-38004-4_2

Cited by 9 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our definition of policies extends that of security properties [22]: security properties are predicates, i.e., binary functions, on sets of traces, whereas we focus on policies that are functions whose range is the real numbers (as opposed to {0, 1}). We leave the investigation of enforcement for securities policies defined as sets of sets of traces (e.g., [22,8,19]) for future work.…”

Section: Cost Security Policiesmentioning

confidence: 99%

“…Drabik et al introduced a framework that calculated the overall cost of enforcement based on costs assigned to the enforcement actions performed by the monitor [10]; this framework can be used to calculate and compare the cost of different monitors' implementations. This framework provides means to reason about cost-aware enforcement, but its enforcement model does not capture interactions between the target and its environment, including the monitor; recent work has shown that capturing such interactions can be valuable [19]. In addition, in practice the cost of running an application may depend on the ordering of its actions, which may in turn depend on the scheduling strategy.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Probabilistic cost enforcement of security policies

Mallios

Bauer

Kaynar

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

This paper presents a formal framework for run-time enforcement mechanisms, or monitors, based on probabilistic input/output automata [3, 4], which allows for the modeling of complex and interactive systems. We associate with each trace of a monitored system (i.e., a monitor interposed between a system and an environment) a probability and a real number that represents the cost that the actions appearing on the trace incur on the monitored system. This allows us to calculate the probabilistic (expected) cost of the monitor and the monitored system, which we use to classify monitors, not only in the typical sense, e.g., as sound and transparent [17], but also at a more fine-grained level, e.g., as cost-optimal or cost-efficient. We show how a cost-optimal monitor can be built using information about cost and the probabilistic future behavior of the system and the environment, showing how deeper knowledge of a system can lead to construction of more efficient security mechanisms. between the proxy and the server. TCP scrubbers leave the bulk of the TCP processing to the end points: they maintain the current state of the connection and a copy of packets sent by the external host but not acknowledged by the internal receiver. Fig. 1 (adapted from [18]) depicts the differences between the two mechanisms in a specific scenario. Although both mechanisms correctly enforce the same high-level "no ambiguity" policy, the proxy requires twice the amount of buffering as the scrubber, which suggests that the proxy is more costly (in terms of computational resources).

show abstract

Section: Cost Security Policiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Probabilistic cost enforcement of security policies

Mallios

Bauer

Kaynar

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…2 An important aspect of this formalism is the ability of the controller to prevent bad actions before they happen, meaning that the target is not directly aware that its action has been suppressed, and keeps going normally. More complex systems exist to represent the interaction between the target and the controller, such as [17,19]. Such an extension is considered as future work.…”

Section: Quantitative Control Operatorsmentioning

confidence: 99%

Quantitative Evaluation of Enforcement Strategies

Ciancia

Martinelli

Matteucci

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In Security, monitors and enforcement mechanisms run in parallel with programs to check, and modify their run-time behaviour, respectively, in order to guarantee the satisfaction of a security policy. For the same policy, several enforcement strategies are possible. We provide a framework for quantitative monitoring and enforcement. Enforcement strategies are analysed according to user-defined parameters. This is done by extending the notion controller processes, that mimics the well-known edit automata, with weights on transitions, valued in a C-semiring. C-semirings permit one to be flexible and general in the quantitative criteria. Furthermore, we provide some examples of orders on controllers that are evaluated under incomparable criteria. * The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grants no 256980 (NESSoS) and no 295354 (SESAMO).

show abstract

Section: Cost Security Policy Enforcementmentioning

confidence: 99%

“…This includes Martinelli and Matteucci's model of run-time monitors based on CCS [21], Gay et al's service automata based on CSP for enforcing security requirements in distributed systems [13], Basin et al's language, based on CSP and Object-Z (OZ), for specifying security automata [1], and Mallios et al's I/O automata-based model for reasoning about incomplete mediation and knowledge the monitor might have about the target [19]. Although these models are richer and orthogonal revisions to security automata and related computational and operational extensions, they maintain the same view of (enforceable) security policies: binary predicates over sets of executions.…”

Section: Related Workmentioning

confidence: 99%

Probabilistic Cost Enforcement of Security Policies

Mallios

Bauer

Kaynar

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents a formal framework for run-time enforcement mechanisms, or monitors, based on probabilistic input/output automata [3,4], which allows for the modeling of complex and interactive systems. We associate with each trace of a monitored system (i.e., a monitor interposed between a system and an environment) a probability and a real number that represents the cost that the actions appearing on the trace incur on the monitored system. This allows us to calculate the probabilistic (expected) cost of the monitor and the monitored system, which we use to classify monitors, not only in the typical sense, e.g., as sound and transparent [17], but also at a more fine-grained level, e.g., as cost-optimal or cost-efficient. We show how a cost-optimal monitor can be built using information about cost and the probabilistic future behavior of the system and the environment, showing how deeper knowledge of a system can lead to construction of more efficient security mechanisms.

show abstract

Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors

Cited by 9 publications

References 22 publications

Probabilistic cost enforcement of security policies

Probabilistic cost enforcement of security policies

Quantitative Evaluation of Enforcement Strategies

Probabilistic Cost Enforcement of Security Policies

Contact Info

Product

Resources

About