Monitoring is a powerful security policy enforcement paradigm that allows the execution of potentially malicious software by observing and transforming that execution, thus ensuring its compliance with a user-defined security policy. Yet some restrictions must be imposed on the monitor's ability to transform sequences for the enforcement to be meaningful. The intuition behind our model is that the monitor should be constrained to output a sequence that both respects the desired security property and preserves key elements of the execution's semantics. An approximation of the sequence is executed rather than an equivalent one. This approximation must preserve the essential behavior of the sequence as intended by the user. In this paper, we propose a framework to express and study such a restriction based on partial orders. We give several examples of real-life security policies and propose monitors capable of enforcing these properties. We then turn to the question of comparing several monitors enforcing the same security property.