Abstract
Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous works on this topic in several directions. First, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progress classification of properties. This allows a fine-grained characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.
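As an added illustration (not code from the paper), the following Python sketch realises the kind of monitor the abstract describes: finite control states, a memory device that withholds events, and one enforcement operation per transition. The operation names halt, store, dump and off, and the two sample properties (a safety property "no write before auth" and a response property "every request is eventually answered"), are assumptions made here for illustration.

```python
# Added example, not the paper's code: a generic enforcement monitor with
# finite control states, a memory device and an enforcement operation per
# transition. Operation names and sample properties are assumed here.

class EnforcementMonitor:
    """Transitions: (state, event) -> (next_state, op); '*' matches any event."""
    def __init__(self, initial, transitions):
        self.state, self.transitions = initial, transitions
        self.memory = []     # memory device: events withheld so far
        self.output = []     # events released to the outside
        self.halted = False

    def step(self, event):
        if self.halted:                      # halt: nothing passes again
            return
        t = self.transitions
        self.state, op = t.get((self.state, event)) or t[(self.state, "*")]
        if op == "dump":                     # release memory, then the event
            self.output += self.memory + [event]
            self.memory = []
        elif op == "store":                  # withhold the event for now
            self.memory.append(event)
        elif op == "halt":                   # violation: drop event and memory
            self.halted = True
        elif op == "off":                    # property settled: pass through
            self.output.append(event)

    def run(self, trace):
        for event in trace:
            self.step(event)
        return list(self.output)

# Safety property (assumed): "no write before auth". A violation can never be
# repaired, so the monitor halts; once authenticated it can switch off.
SAFETY = {
    ("unauth", "auth"): ("auth", "dump"),
    ("unauth", "write"): ("unauth", "halt"),
    ("unauth", "*"): ("unauth", "dump"),
    ("auth", "*"): ("auth", "off"),
}

# Response property (assumed): "every request is eventually answered". Events
# after an unanswered request are stored and dumped once the answer arrives.
RESPONSE = {
    ("idle", "request"): ("pending", "store"),
    ("idle", "*"): ("idle", "dump"),
    ("pending", "answer"): ("idle", "dump"),
    ("pending", "*"): ("pending", "store"),
}
```

Running `EnforcementMonitor("unauth", SAFETY).run(["read", "write", "auth"])` releases only `read`, while the response monitor withholds `request` and everything after it until `answer` arrives, then releases the whole buffered prefix.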
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Falcone, Y., Fernandez, JC., Mounier, L. (2008). Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties. In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_3
DOI: https://doi.org/10.1007/978-3-540-89862-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89861-0
Online ISBN: 978-3-540-89862-7
eBook Packages: Computer Science; Computer Science (R0)