Entry Khoury:2012:CEN from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

BibTeX entry

@Article{Khoury:2012:CEN,
  author =       "Rapha{\"e}l Khoury and Nadia Tawbi",
  title =        "Corrective Enforcement: a New Paradigm of Security
                 Policy Enforcement by Monitors",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "2",
  pages =        "10:1--10:??",
  month =        jul,
  year =         "2012",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2240276.2240281",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Jul 31 17:02:31 MDT 2012",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Runtime monitoring is an increasingly popular method
                 to ensure the safe execution of untrusted codes.
                 Monitors observe and transform the execution of these
                 codes, responding when needed to correct or prevent a
                 violation of a user-defined security policy. Prior
                 research has shown that the set of properties monitors
                 can enforce correlates with the latitude they are given
                 to transform and alter the target execution. But for
                 enforcement to be meaningful this capacity must be
                 constrained, otherwise the monitor can enforce any
                 property, but not necessarily in a manner that is
                 useful or desirable. However, such constraints have not
                 been significantly addressed in prior work. In this
                 article, we develop a new paradigm of security policy
                 enforcement in which the behavior of the enforcement
                 mechanism is restricted to ensure that valid aspects
                 present in the execution are preserved notwithstanding
                 any transformation it may perform. These restrictions
                 capture the desired behavior of valid executions of the
                 program, and are stated by way of a preorder over
                 sequences. The resulting model is closer than previous
                 ones to what would be expected of a real-life monitor,
                 from which we demand a minimal footprint on both valid
                 and invalid executions. We illustrate this framework
                 with examples of real-life security properties. Since
                 several different enforcement alternatives of the same
                 property are made possible by the flexibility of this
                 type of enforcement, our study also provides metrics
                 that allow the user to compare monitors objectively and
                 choose the best enforcement paradigm for a given
                 situation.",
  acknowledgement = ack-nhfb,
  articleno =    "10",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}
