Quantitative Evaluation of Enforcement Strategies

Position Paper
  • Vincenzo Ciancia
  • Fabio Martinelli
  • Matteucci Ilaria
  • Charles Morisset
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8352)


A security enforcement mechanism runs in parallel with a system to check and modify its run-time behaviour, so that it satisfies some security policy. For each policy, several enforcement strategies are possible, usually reflecting trade-offs one has to make to satisfy the policy. To evaluate them, multiple dimensions, such as security, cost of implementation, or cost of attack, must be taken into account. We propose a formal framework for the quantification of enforcement strategies, extending the notion of controller processes (mimicking the well-known edit automata) with weights on transitions, valued in a semiring.


Keywords: Enforcement mechanisms, Quantitative process algebra, Semiring



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Vincenzo Ciancia (1)
  • Fabio Martinelli (2)
  • Matteucci Ilaria (2)
  • Charles Morisset (3)
  1. CNR-ISTI, Pisa, Italy
  2. CNR-IIT, Pisa, Italy
  3. School of Computing Science, Newcastle University, Newcastle, UK
