Abstract
Security controllers follow the execution of target systems to prevent security violations. By proactively observing the target, they can catch security violations before they occur and act accordingly, for example by interrupting the execution. In this paper we define a novel category of security controllers called lazy controllers, a conservative extension of standard controllers which routinely suspend the observation of the target for different time spans in order to reduce the cost of monitoring and increase performance, at the expense of possibly missing a violation.
We show how a proactive truncation controller can be extended to the lazy setting, and we formally characterize the relation between the length of suspended time spans and the actual violation risk, which constitutes the formal ground of our approach. This allows the actual time of suspension to be determined according to a given maximum bearable risk. Precisely, we formally investigate three classes of systems, namely non-deterministic, probabilistic, and stochastic systems.
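The trade-off between suspension length and violation risk can be made concrete with a small added example, which is not taken from the paper. It assumes the probabilistic case is modelled as a discrete-time Markov chain; the chain `CHAIN`, the violating set `BAD`, and the function names are all constructed for illustration.

```python
# Added illustration, not the paper's construction: a discrete-time Markov
# chain is an assumed stand-in for the "probabilistic systems" case.

# Constructed sample model: state -> {successor: transition probability}.
CHAIN = {
    "idle": {"idle": 0.90, "open": 0.10},
    "open": {"idle": 0.50, "read": 0.45, "leak": 0.05},
    "read": {"open": 0.70, "read": 0.25, "leak": 0.05},
    "leak": {"leak": 1.0},  # reaching this state violates the policy
}
BAD = {"leak"}


def violation_risk(chain, bad, start, steps):
    """Probability that a state in `bad` is entered during `steps`
    unobserved transitions, starting from the observed state `start`."""
    dist = {start: 1.0}  # probability mass still on non-violating states
    risk = 0.0
    for _ in range(steps):
        nxt = {}
        for state, p in dist.items():
            for succ, q in chain[state].items():
                if succ in bad:
                    risk += p * q  # violation happens unseen; mass is absorbed
                else:
                    nxt[succ] = nxt.get(succ, 0.0) + p * q
        dist = nxt
    return risk


def max_suspension(chain, bad, start, max_risk, horizon=1000):
    """Largest number of transitions the controller may skip after observing
    `start` while keeping the violation risk at or below `max_risk`.
    `horizon` bounds the search when no violating state is reachable."""
    if start in bad:
        return 0
    k = 0
    while k < horizon and violation_risk(chain, bad, start, k + 1) <= max_risk:
        k += 1
    return k


if __name__ == "__main__":
    for state in ("idle", "open", "read"):
        k = max_suspension(CHAIN, BAD, state, max_risk=0.01)
        print(f"observed {state!r}: may suspend for {k} step(s)")
```

A result of 0 means the controller must observe the very next transition, which is the behaviour of a standard (non-lazy) controller in that state.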
This work has been partially supported by EU-funded projects FP7-257876 SPaCIoS.
This work started when the three authors were employed at IIT-CNR, Pisa, Italy.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Caravagna, G., Costa, G., Pardini, G. (2013). Lazy Security Controllers. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_3
DOI: https://doi.org/10.1007/978-3-642-38004-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38003-7
Online ISBN: 978-3-642-38004-4
eBook Packages: Computer Science, Computer Science (R0)