This paper presents a theory of runtime enforcement based on mechanism models called MRAs (Mandatory Results Automata). MRAs can monitor and transform security-relevant actions and their results. Because previous work could not model monitors transforming results, MRAs capture realistic behaviors outside the scope of previous models. MRAs also have a simple but realistic operational semantics that makes it straightforward to define concrete MRAs. Moreover, the definitions of policies and enforcement with MRAs are significantly simpler and more expressive than those of previous models. Putting all these features together, we argue that MRAs make good general models of runtime mechanisms, upon which a theory of runtime enforcement can be based. We develop some enforceability theory by characterizing the policies MRAs can and cannot enforce.