A run-time enforcement mechanism is a program in charge of ensuring that all the traces of a system satisfy a given security policy. Following Schneider's seminal work, several approaches have defined what kinds of policies can be automatically enforced; in particular, non-safety properties cannot be correctly and transparently enforced. In this paper, we first propose to build an enforcement mechanism using an abstract notion of selector. We then propose to quantify the inexact enforcement of a non-safety property by an enforcement mechanism, by considering both the traces that lead this mechanism to a non-secure output and the secure traces it does not output, thus formalizing an intuitive notion of security/usability tradeoff. Finally, we refine this notion when probabilistic and quantitative information is known about the traces. We illustrate all the different concepts with a running example, representing an abstract policy dealing with emergency situations.