Synthesizing Enforcement Monitors wrt. the Safety-Progress Classification of Properties

Authors:
Yliès Falcone;Jean-Claude Fernandez;Laurent Mounier
Affiliations:
VERIMAG, Université Grenoble I, INPG, CNRS,;VERIMAG, Université Grenoble I, INPG, CNRS,;VERIMAG, Université Grenoble I, INPG, CNRS,
Venue:
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Year:
2008

Citing 10
Cited 4

A hierarchy of temporal properties (invited paper, 1989)

PODC '90 Proceedings of the ninth annual ACM symposium on Principles of distributed computing
Property specification patterns for finite-state verification

FMSP '98 Proceedings of the second workshop on Formal methods in software practice
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Characterization of Temporal Property Classes

ICALP '92 Proceedings of the 19th International Colloquium on Automata, Languages and Programming
Propositional Dynamic Logic of looping and converse

STOC '81 Proceedings of the thirteenth annual ACM symposium on Theory of computing
Defining Liveness

Defining Liveness
Foundations for the run-time analysis of software systems

Foundations for the run-time analysis of software systems
Computability classes for enforcement mechanisms

ACM Transactions on Programming Languages and Systems (TOPLAS)
Proving the Correctness of Multiprocess Programs

IEEE Transactions on Software Engineering
Enforcing non-safety security policies with program monitors

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

You should better enforce than verify

RV'10 Proceedings of the First international conference on Runtime verification
Runtime enforcement monitors: composition, synthesis, and enforcement abilities

Formal Methods in System Design
Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors

ACM Transactions on Information and System Security (TISSEC)
Iterative enforcement by suppression: Towards practical enforcement theories

Journal of Computer Security - ARSPA-WITS'10

Quantified Score

Hi-index	0.00

Visualization

Abstract

Runtime enforcement is a powerful technique to ensure that a program will respect a given security policy. We extend previous works on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general safety-progress classification of properties. It allows a fine-grain characterization of the space of enforceable properties. Finally, we propose a systematic technique to produce an enforcement monitor from the Streett automaton recognizing a given safety, guarantee, obligation or response security property.