Distributed systems: methods and tools for specification. An advanced course
Distributed systems: methods and tools for specification. An advanced course
The complexity of propositional linear temporal logics
Journal of the ACM (JACM)
Specifying real-time properties with metric temporal logic
Real-Time Systems
Information Processing Letters
Journal of the ACM (JACM)
Reasoning about infinite computations
Information and Computation
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Characterization of Temporal Property Classes
ICALP '92 Proceedings of the 19th International Colloquium on Automata, Languages and Programming
Logics and Models of Real Time: A Survey
Proceedings of the Real-Time: Theory in Practice, REX Workshop
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Foundations for the run-time analysis of software systems
Foundations for the run-time analysis of software systems
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Specifying and analyzing security automata using CSP-OZ
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Proving the Correctness of Multiprocess Programs
IEEE Transactions on Software Engineering
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
Space-bounded reducibility among combinatorial problems
Journal of Computer and System Sciences
Monitoring security policies with metric first-order temporal logic
Proceedings of the 15th ACM symposium on Access control models and technologies
On regular temporal logics with past
Acta Informatica
A theory of runtime enforcement, with results
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Runtime enforcement monitors: composition, synthesis, and enforcement abilities
Formal Methods in System Design
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Monitoring Usage-Control Policies in Distributed Systems
TIME '11 Proceedings of the 2011 Eighteenth International Symposium on Temporal Representation and Reasoning
A quantitative approach for inexact enforcement of security policies
ISC'12 Proceedings of the 15th international conference on Information Security
From qualitative to quantitative enforcement of security policy
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Enforceable Security Policies Revisited
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
We revisit Schneider's work on policy enforcement by execution monitoring. We overcome limitations of Schneider's setting by distinguishing between system actions that are controllable by an enforcement mechanism and those actions that are only observable, that is, the enforcement mechanism cannot prevent their execution. For this refined setting, we give necessary and sufficient conditions on when a security policy is enforceable. To state these conditions, we generalize the standard notion of safety properties. Our classification of system actions also allows one, for example, to reason about the enforceability of policies that involve timing constraints. Furthermore, for different specification languages, we investigate the decision problem of whether a given policy is enforceable. We provide complexity results and show how to synthesize an enforcement mechanism from an enforceable policy.