Abstract
We revisit Schneider’s work on policy enforcement by execution monitoring. We overcome limitations of Schneider’s setting by distinguishing between system actions that are controllable by an enforcement mechanism and those actions that are only observable, that is, the enforcement mechanism sees them but cannot prevent their execution. For this refined setting, we give necessary and sufficient conditions on when a security policy is enforceable. To state these conditions, we generalize the standard notion of safety properties. Our classification of system actions also allows one, for example, to reason about the enforceability of policies that involve timing constraints. Furthermore, for different specification languages, we investigate the decision problem of whether a given policy is enforceable. We provide complexity results and show how to synthesize an enforcement mechanism from an enforceable policy.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
41 articles.
1. Proactive enforcement of provisions and obligations;Journal of Computer Security;2023-11-28
2. Asynchronous Wait-Free Runtime Verification and Enforcement of Linearizability;Proceedings of the 2023 ACM Symposium on Principles of Distributed Computing;2023-06-16
3. Formal Methods for the Security of Medical Devices1;Applied Smart Health Care Informatics;2022-02-25
4. Real-Time Policy Enforcement with Metric First-Order Temporal Logic;Computer Security – ESORICS 2022;2022
5. Decentralized LTL Enforcement;Electronic Proceedings in Theoretical Computer Science;2021-09-17