Probabilistic Cost Enforcement of Security Policies

  • Yannis Mallios
  • Lujo Bauer
  • Dilsun Kaynar
  • Fabio Martinelli
  • Charles Morisset
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8203)

Abstract

This paper presents a formal framework for run-time enforcement mechanisms, or monitors, based on probabilistic input/output automata [3,4], which allows for the modeling of complex and interactive systems. We associate with each trace of a monitored system (i.e., a monitor interposed between a system and an environment) a probability and a real number that represents the cost that the actions appearing on the trace incur on the monitored system. This allows us to calculate the probabilistic (expected) cost of the monitor and the monitored system, which we use to classify monitors, not only in the typical sense, e.g., as sound and transparent [17], but also at a more fine-grained level, e.g., as cost-optimal or cost-efficient. We show how a cost-optimal monitor can be built using information about cost and the probabilistic future behavior of the system and the environment, showing how deeper knowledge of a system can lead to construction of more efficient security mechanisms.
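The abstract describes assigning each trace a probability and a cost, computing the expected cost of a monitor, and using knowledge of the probabilistic future to build a cost-optimal one. The following is an added illustration written for this page, not code from the paper (which uses probabilistic I/O automata). It assumes a much simpler model: the environment is a small Markov chain over three requested actions observed for a fixed horizon, a monitor may only allow or suppress each action, the policy is a constructed safety property ("no send may appear on the output after a read"), and all probabilities and costs are constructed values. It evaluates four monitors by enumerating every input trace (soundness plus expected cost) and builds the cost-optimal monitor by dynamic programming over the chain:

```python
from functools import lru_cache

# Constructed environment model (an assumption of this example, not the
# paper's I/O automata): a Markov chain over the actions the target system
# requests, observed for HORIZON steps.
HORIZON = 2
INITIAL = {"read": 0.5, "log": 0.3, "send": 0.2}
TRANSITIONS = {
    "read": {"send": 0.8, "log": 0.2},
    "log":  {"read": 0.5, "send": 0.5},
    "send": {"log": 1.0},
}

# Constructed costs: what an action costs the monitored system when it is let
# through, and what suppressing it costs (lost functionality, retries, ...).
ALLOW_COST    = {"read": 1.0, "send": 2.0, "log": 0.5}
SUPPRESS_COST = {"read": 2.0, "send": 4.0, "log": 1.0}


def tainted(output):
    """Policy state: has a 'read' already reached the output trace?"""
    return "read" in output


def is_sound(is_tainted, action, decision):
    """Constructed safety policy: no 'send' may follow a 'read' on the output."""
    return not (decision == "allow" and action == "send" and is_tainted)


# Monitors map (inputs so far, output so far, next action) -> "allow" | "suppress".
def allow_all(inputs, output, action):
    return "allow"                      # transparent, but not sound

def deny_all_sends(inputs, output, action):
    return "suppress" if action == "send" else "allow"

def taint_tracking(inputs, output, action):
    return "suppress" if action == "send" and tainted(output) else "allow"


@lru_cache(maxsize=None)
def future_cost(step, last, is_tainted):
    """Expected cost of the remaining steps under cost-optimal decisions."""
    if step >= HORIZON:
        return 0.0
    dist = INITIAL if last is None else TRANSITIONS[last]
    return sum(p * best_choice(step, a, is_tainted)[0] for a, p in dist.items())

def best_choice(step, action, is_tainted):
    """Cheapest sound decision on `action`, counting its expected future cost."""
    options = []
    for decision in ("allow", "suppress"):
        if not is_sound(is_tainted, action, decision):
            continue
        now = ALLOW_COST[action] if decision == "allow" else SUPPRESS_COST[action]
        next_tainted = is_tainted or (decision == "allow" and action == "read")
        options.append((now + future_cost(step + 1, action, next_tainted), decision))
    return min(options)

def cost_optimal(inputs, output, action):
    """Monitor built from the cost and probabilistic-future information."""
    return best_choice(len(inputs), action, tainted(output))[1]


def evaluate(monitor):
    """Return (expected cost, sound?) by enumerating every input trace."""
    def walk(inputs, output):
        if len(inputs) == HORIZON:
            return 0.0, True
        dist = INITIAL if not inputs else TRANSITIONS[inputs[-1]]
        total, sound = 0.0, True
        for action, p in dist.items():
            decision = monitor(inputs, output, action)
            sound &= is_sound(tainted(output), action, decision)
            now = ALLOW_COST[action] if decision == "allow" else SUPPRESS_COST[action]
            new_output = output + ((action,) if decision == "allow" else ())
            rest, rest_sound = walk(inputs + (action,), new_output)
            total += p * (now + rest)
            sound &= rest_sound
        return total, sound
    return walk((), ())

if __name__ == "__main__":
    for m in (allow_all, deny_all_sends, taint_tracking, cost_optimal):
        cost, sound = evaluate(m)
        print(f"{m.__name__:15s} expected cost = {cost:.3f}  sound = {sound}")
```

With these constructed numbers the transparent monitor is cheapest but unsound, the two hand-written sound monitors differ in cost (history tracking beats blanket denial), and the dynamic-programming monitor is cheaper still: because a `read` is very likely to be followed by a `send`, it suppresses the first `read` so the expensive `send` can go through, yet allows a `read` on the last step where no `send` can follow. That is the abstract's point in miniature: the monitor remains sound, and knowledge of cost and of the probable future buys a cheaper enforcement strategy.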

References

  1. Basin, D., Olderog, E.-R., Sevinc, P.E.: Specifying and analyzing security automata using CSP-OZ. In: Proceedings ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 70–81 (2007)
  2. Bielova, N., Massacci, F.: Predictability of enforcement. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 73–86. Springer, Heidelberg (2011)
  3. Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Task-structured probabilistic I/O automata. Technical Report MIT-CSAIL-TR-2006-060 (2006)
  4. Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Task-structured probabilistic I/O automata. In: Proceedings of 8th International Workshop on Discrete Event Systems, pp. 207–214 (2006)
  5. Caravagna, G., Costa, G., Pardini, G.: Lazy security controllers. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 33–48. Springer, Heidelberg (2013)
  6. Chatterjee, K., Doyen, L., Henzinger, T.A.: Quantitative languages. In: Kaminski, M., Martini, S. (eds.) CSL 2008. LNCS, vol. 5213, pp. 385–400. Springer, Heidelberg (2008)
  7. Cheng, P.-C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 222–230 (2007)
  8. Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)
  9. Drábik, P., Martinelli, F., Morisset, C.: A quantitative approach for inexact enforcement of security policies. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 306–321. Springer, Heidelberg (2012)
  10. Drábik, P., Martinelli, F., Morisset, C.: Cost-aware runtime enforcement of security policies. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 1–16. Springer, Heidelberg (2013)
  11. Falcone, Y., Fernandez, J.-C., Mounier, L.: What can you verify and enforce at runtime? Intl. Jrnl. Software Tools for Tech. Transfer (STTT) 14(3), 349–382 (2012)
  12. Fong, P.W.: Access control by tracking shallow execution history. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 43–55 (2004)
  13. Gay, R., Mantel, H., Sprick, B.: Service automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)
  14. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28(1), 175–205 (2006)
  15. Kwiatkowska, M.: Survey of fairness notions. Information and Software Technology 31(7), 371–386 (1989)
  16. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1-2), 2–16 (2005)
  17. Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Transactions on Information and System Security 12(3), 1–41 (2009)
  18. Malan, G.R., Watson, D., Jahanian, F., Howell, P.: Transport and application protocol scrubbing. In: Proceedings of INFOCOM 2000, pp. 1381–1390 (2000)
  19. Mallios, Y., Bauer, L., Kaynar, D., Ligatti, J.: Enforcing more with less: Formalizing target-aware run-time monitors. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 17–32. Springer, Heidelberg (2013)
  20. Mallios, Y., Bauer, L., Kaynar, D., Martinelli, F., Morisset, C.: Probabilistic cost enforcement of security policies. Technical Report CMU-CyLab-13-006, CyLab, Carnegie Mellon University (2013)
  21. Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31–46 (2007)
  22. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 30–50 (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Yannis Mallios (1)
  • Lujo Bauer (1)
  • Dilsun Kaynar (1)
  • Fabio Martinelli (2)
  • Charles Morisset (3)
  1. Carnegie Mellon University, Pittsburgh, USA
  2. Istituto di Informatica e Telematica, National Research Council, Pisa, Italy
  3. Newcastle University, Newcastle, UK