Abstract
Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors. The fidelity afforded by this framework allows us to explicitly formulate and study practical constraints on policy enforcement that were often only implicit in previous models, providing a more accurate view of what can be enforced by monitoring in practice. We introduce two definitions of enforcement, target-specific and generalized, that allow us to reason about practical monitoring scenarios. Finally, we provide some meta-theoretical comparison of these definitions and we apply them to investigate policy enforcement in scenarios where the monitor designer has knowledge of the target application and show how this can be exploited to make more efficient design choices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
de Alfaro, L., Henzinger, T.A.: Interface automata. In: Proc. European Software Engineering Conference (2001)
Araragi, T., Attie, P.C., Keidar, I., Kogure, K., Luchangco, V., Lynch, N.A., Mano, K.: On Formal Modeling of Agent Computations. In: Rash, J.L., Rouff, C.A., Truszkowski, W., Gordon, D.F., Hinchey, M.G. (eds.) FAABS 2000. LNCS (LNAI), vol. 1871, pp. 48–62. Springer, Heidelberg (2001)
Basin, D., Olderog, E.R., Sevinc, P.E.: Specifying and analyzing security automata using CSP-OZ. In: Proc. ACM Symposium on Information, Computer and Communications Security, ASIACCS (2007)
Basin, D., Jugé, V., Klaedtke, F., Zălinescu, E.: Enforceable Security Policies Revisited. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 309–328. Springer, Heidelberg (2012)
Bishop, M.: Computer Security: Art and Science. Addison-Wesley Professional (2002)
Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. Journal of the ACM 31, 560–599 (1984)
Chabot, H., Khoury, R., Tawbi, N.: Extending the enforcement power of truncation monitors using static analysis. Computers and Security 30(4), 194–207 (2011)
Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: Proc. IEEE Computer Security Foundations Symposium (2008)
Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: a retrospective. In: Proc. Workshop on New Security Paradigms (2000)
Falcone, Y., Fernandez, J.C., Mounier, L.: What can you verify and enforce at runtime? Intl. Jrnl. Software Tools for Tech. Transfer (STTT) 14(3), 349–382 (2011)
Fong, P.W.L.: Access control by tracking shallow execution history. In: Proc. IEEE Symposium on Security and Privacy (2004)
Garfinkel, T.: Traps and pitfalls: Practical problems in system call interposition based security tools. In: Proc. Network and Distributed Systems Security Symposium (2003)
Gay, R., Mantel, H., Sprick, B.: Service Automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)
Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28(1), 175–205 (2006)
Hickey, J., Lynch, N.A., van Renesse, R.: Specifications and Proofs for Ensemble Layers. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 119–134. Springer, Heidelberg (1999)
Kwiatkowska, M.Z.: Survey of fairness notions. Information and Software Technology 31(7), 371–386 (1989)
Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Transactions on Information and System Security 12(3) (2009)
Ligatti, J., Reddy, S.: A Theory of Runtime Enforcement, with Results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)
Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann Publishers Inc. (1996)
Mallios, Y., Bauer, L., Kaynar, D., Ligatti, J.: Enforcing more with less: Formalizing target-aware run-time monitors. Tech. Rep. CMU-CyLab-12-009, CyLab, Carnegie Mellon University (2012)
Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31–46 (2007)
Milner, R.: A Calculus of Communicating Systems. Springer (1982)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
Tuttle, M.R.: Hierarchical correctness proofs for distributed algorithms. Master’s thesis, Dept. of Electrical Engineering and Computer Science. MIT (1987)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mallios, Y., Bauer, L., Kaynar, D., Ligatti, J. (2013). Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-38004-4_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38003-7
Online ISBN: 978-3-642-38004-4
eBook Packages: Computer ScienceComputer Science (R0)