Specifying and analysing run-time security policies for time dependant services

We deal with the issue of specifying security policies that can be enforced by monitoring service execution. Currently, the vast majority of works focus on access control, are based on logics, and offer ways to express high-level properties of real-time systems. However, the expressive power of such logics does not allow us to express recent usage control requirements (like accounting), and the undecidability of such logics makes the task of analysing and querying such security policies harder. Our work instead offers an operational approach, using timed automata to specify and analyse security policies that can be enforced through mechanisms that work by monitoring the system execution. We show how to specify such complex policies as combinations of simpler modular policies. Then, for a given set of policies, we suggest methods to analyse and establish whether this set of policies is consistent or not.
