Enforcing non-safety security policies with program monitors

Jay Ligatti, Lujo Bauer, David Walker

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

42 Scopus citations

Abstract

We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security community is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce safety properties. We formally analyze the properties enforceable by various program monitors and find that although this belief is correct when considering monitors with simple remedial options, it is incorrect for more powerful monitors that can be modeled by edit automata. We define an interesting set of properties called infinite renewal properties and demonstrate how, when given any reasonable infinite renewal property, to construct an edit automaton that provably enforces that property. We analyze the set of infinite renewal properties and show that it includes every safety property, some liveness properties, and some properties that are neither safety nor liveness.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 355-373
Number of pages: 19
State: Published - 2005
Event: 10th European Symposium on Research in Computer Security, ESORICS 2005 - Milan, Italy
Duration: Sep 12 2005 → Sep 14 2005

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3679 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th European Symposium on Research in Computer Security, ESORICS 2005
Country/Territory: Italy
City: Milan
Period: 9/12/05 → 9/14/05

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
