Do you really mean what you actually enforced?

Edited automata revisited

  • Regular Contribution
International Journal of Information Security

Abstract

In their works on the theoretical side of Polymer, Ligatti and his co-authors have identified a new class of enforcement mechanisms based on the notion of edit automata that can transform sequences and enforce more than simple safety properties. We show that there is a gap between the edit automata that one can possibly write (e.g., by Ligatti et al. in their IJIS running example) and the edit automata that are actually constructed according to the theorems from Ligatti’s IJIS paper or from Talhi et al. “Ligatti’s automata” are just a particular kind of edit automata. Thus, we re-open a question which seemed to have received a definitive answer: you have written your security enforcement mechanism (aka your edit automata); does it really enforce the security policy you wanted?

References

  1. Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. In: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, pp. 305–314. ACM Press, New York (2005)

  2. Bauer, L., Ligatti, J., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1–2), 2–16 (2005)

  3. Bielova, N., Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Matching in security-by-contract for mobile code. J. Log. Algebraic Programm. 78(5), 340–358 (2009)

  4. Bielova, N., Massacci, F.: Do you really mean what you actually enforced? In: Proceedings of the 5th International Workshop on Formal Aspects in Security and Trust, vol. 5491, pp. 287–301. Springer, Heidelberg (2008)

  5. Bielova, N., Massacci, F., Micheletti, A.: Towards practical enforcement theories. In: Proceedings of The 14th Nordic Conference on Secure IT Systems. Lecture Notes in Computer Science, vol. 5838, pp. 239–254. Springer, Heidelberg (2009)

  6. Cherubini, A., Citrini, C., Reghizzi, S.C., Mandrioli, D.: QRT FIFO automata, breadth-first grammars and their relations. Theor. Comput. Sci. 85(1), 171–203 (1991)

  7. CNET Networks: Channel 4’s 4od: Tv on demand, at a price. Crave Webzine (2007)

  8. Erlingsson, U.: The inlined reference monitor approach to security policy enforcement. Ph.D. thesis, Cornell University (2003)

  9. Fong, P.: Access control by tracking shallow execution history. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 43–55 (2004)

  10. Gong, L., Ellison, G.: Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation. Pearson Education (2003)

  11. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Programm. Lang. Syst. 28(1), 175–205 (2006)

  12. Havelund, K., Rosu, G.: Efficient monitoring of safety properties. Int. J. Softw. Tools Technol. Transf. 6(2), 158–173 (2004)

  13. Krukow, K., Nielsen, M., Sassone, V.: A framework for concrete reputation-systems with applications to history-based access control. In: Proceedings of the 12th ACM Conference on Communications and Computer Security (2005)

  14. LaMacchia, B., Lange, S.: .NET Framework security. Addison Wesley (2002)

  15. Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 1–41 (2009)

  16. Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. In: Proceedings of the Second International Workshop on Security and Trust Management, Electronic Notes in Theoretical Computer Science, vol. 179, pp. 31–46. Elsevier Science Publishers B.V. (2007)

  17. Massacci, F., Siahaan, I.: Matching midlet’s security claims with a platform security policy using automata modulo theory. In: Proceedings of the 12th Nordic Workshop on Secure IT Systems (NordSec’07) (2007)

  18. Massacci, F., Siahaan, I.S.R.: Simulating midlet’s security claims with automata modulo theory. In: Proceedings of the 2008 workshop on Programming Language and analysis for security, pp. 1–9. ACM Press (2008)

  19. Ray, B.: Symbian signing is no protection from spyware. http://www.theregister.co.uk/2007/05/23/symbian_signed_spyware/ (2007)

  20. Schneider, F.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

  21. Sekar, R., Venkatakrishnan, V., Basu, S., Bhatkar, S., DuVarney, D.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, pp. 15–28. ACM Press, New York (2003)

  22. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. Inf. Comput. 206(2–4), 158–184 (2007)

Author information

Correspondence to Nataliia Bielova.

Additional information

A preliminary, much shorter version of this paper appears in the informal proceedings of FAST’08 [4].

About this article

Cite this article

Bielova, N., Massacci, F. Do you really mean what you actually enforced? Int. J. Inf. Secur. 10, 239–254 (2011). https://doi.org/10.1007/s10207-011-0137-2

  • DOI: https://doi.org/10.1007/s10207-011-0137-2