Which security policies are enforceable by runtime monitors? A survey

Khoury, Raphaël; Tawbi, Nadia

doi:10.1016/j.cosrev.2012.01.001

Cited by 24 publications

(16 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since Schneider's seminal work [12], runtime enforcement of policy using security automata has been a well-studied subject in the literature, such as [9][10][11]5]. We do not detail here all these approaches, and we refer to [7] for an extensive survey. However, to the best of our knowledge, our approach is the first one to deal with the problem of cost of enforcement.…”

Section: Discussionmentioning

confidence: 99%

“…However, to the best of our knowledge, our approach is the first one to deal with the problem of cost of enforcement. Recent research has argued that the original definition of effective enforcement [9] is inadequate because it does not sufficiently constrain the behaviour of the monitor when it is faced with a possible violation of the security policy [7]. Researchers have revisited the notion of enforcement by a monitor have proposed alternative ones.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Cost-Aware Runtime Enforcement of Security Policies

Drábik

Martinelli

Morisset

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In runtime enforcement of security policies, the classic requirements on monitors in order to enforce a security policy are soundness and transparency. However, there are many monitors that successfully pass this specification but they differ in complexity of both their implementation and the output they produce. In order to distinguish and compare these monitors we propose to associate cost with enforcement. We present a framework where the cost of enforcement of a trace is determined by the cost of operations the monitor uses to edit the trace. We explore cost-based order relations on sound monitors. We investigate cost-optimality of monitors which allows considering the most costefficient monitors that soundly enforce a property.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Cost-Aware Runtime Enforcement of Security Policies

Drábik

Martinelli

Morisset

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Moreover, it can also be exploited to know a-priori if a set of enforcers are compatible, instead of lately discovering it at run-time, once their interference or the lack of application of some enforcers may have serious consequences for the health of the system. A body of work formally studied the classes of properties that can be enforced using different models and languages, with an emphasis on security policies [33,26,27,17,23]. Interestingly these approaches should be complemented with appropriate analysis routines to check that the result of the enforcement is in line with what the enforcers are expected to achieve.…”

Section: Related Workmentioning

confidence: 99%

Verifying Policy Enforcers

Riganelli

Micucci

Mariani

et al. 2017

Runtime Verification

View full text Add to dashboard Cite

Abstract. Policy enforcers are sophisticated runtime components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at a same time, they do not guarantee the lack of interference on the global behavior of the system. In this paper we present a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a-priori the enforcers that can co-exist at run-time. In our evaluation, we experimented our verification method with several policy enforcers for Android and discovered some incompatibilities.

show abstract

“…This distinction makes it easier to study the interaction between the target program, the monitor and the system. A thorough survey of the question of enforceable properties by monitors is provided in [17].…”

Section: Related Workmentioning

confidence: 99%

“…This method of ensuring the security of code is rapidly gaining acceptance in practice and several implementations exist [17]. One question seems to recur frequently in multiple studies: exactly which set of properties are monitorable, in the sense that they are enforceable by monitors.…”

Section: Introductionmentioning

confidence: 99%

Runtime Enforcement with Partial Control

Khoury

Hallé

2016

Foundations and Practice of Security

Self Cite

View full text Add to dashboard Cite

This study carries forward the line of enquiry that seeks to characterize precisely which security policies are enforceable by runtime monitors. In this regard, Basin et al. recently refined the structure that helps distinguish between those actions that the monitor can potentially suppress or insert in the execution, from those that the monitor can only observe. In this paper, we generalize this model by organizing the universe of possible actions in a lattice that naturally corresponds to the levels of monitor control. We then delineate the set of properties that are enforceable under this paradigm and relate our results to previous work in the field. Finally, we explore the set of security policies that are enforceable if the monitor is given greater latitude to alter the execution of its target, which allows us to reflect on the capabilities of different types of monitors.

show abstract

Which security policies are enforceable by runtime monitors? A survey

Cited by 24 publications

References 26 publications

Cost-Aware Runtime Enforcement of Security Policies

Cost-Aware Runtime Enforcement of Security Policies

Verifying Policy Enforcers

Runtime Enforcement with Partial Control

Contact Info

Product

Resources

About