Run-time security evaluation: can we afford it?
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
History-based access control for mobile code
Secure Internet programming
| Hi-index | 0.01 |
Formal security specifications for a distributed application can be checked for compliance at run-time using executable security assertions. We propose the Run-Time Security Evaluation (RTSE) method which makes use of histories/traces of events, assertions and operational evaluation in the distributed environment to ensure the security specifications for the application are fulfilled at run-time. A model problem is used to aid in developing the security requirements formally.