A quantitative approach for inexact enforcement of security policies

Authors:
Peter Drábik;Fabio Martinelli;Charles Morisset
Affiliations:
Security Group, IIT-CNR, Pisa, Italy;Security Group, IIT-CNR, Pisa, Italy;Security Group, IIT-CNR, Pisa, Italy
Venue:
ISC'12 Proceedings of the 15th international conference on Information Security
Year:
2012

Citing 10
Cited 1

Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Execution monitoring enforcement under memory-limitation constraints

Information and Computation
Regulating Exceptions in Healthcare Using Policy Spaces

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Run-Time Enforcement of Nonsafety Policies

ACM Transactions on Information and System Security (TISSEC)
Extending access control models with break-glass

Proceedings of the 14th ACM symposium on Access control models and technologies
Noninterference through Secure Multi-execution

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Predictability of enforcement

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Multiple facets for dynamic information flow

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Quantitative access control with partially-observable Markov decision processes

Proceedings of the second ACM conference on Data and Application Security and Privacy
Enforceable security policies revisited

POST'12 Proceedings of the First international conference on Principles of Security and Trust

From qualitative to quantitative enforcement of security policy

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A run-time enforcement mechanism is a program in charge of ensuring that all the traces of a system satisfy a given security policy. Following Schneider's seminal work, there have been several approaches defining what kind of policies can be automatically enforced, and in particular, non-safety properties cannot be correctly and transparently enforced. In this paper, we first propose to build an enforcement mechanism using an abstract notion of selector. We then propose to quantify the inexact enforcement of a non-safety property by an enforcement mechanism, by considering both the traces leading to a non-secure output by this mechanism and the secure traces not output, thus formalizing an intuitive notion of security/usability tradeoff. Finally, we refine this notion when probabilistic and quantitative information is known about the traces. We illustrate all the different concepts with a running example, representing an abstract policy dealing with emergency situations.