ConSpec - A formal language for policy specification

The paper presents ConSpec, an automata-based policy specification language. The language trades expressiveness for clean semantics: its formal semantics is given in terms of security automata. ConSpec specifications can be used at different stages of the application lifecycle, which makes it possible to formalize a variety of policy enforcement techniques within one framework.
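As an added illustration of what "semantics as security automata" buys a defender (this code is not from the paper and does not use ConSpec's syntax; the file-handle policy, the event names and the traces are constructed for the example), the following Python models a policy as a security automaton and runs event traces through it. The same automaton serves both as an inline runtime monitor, which truncates execution before the first violating event, and as an offline checker over a trace, which is the lifecycle flexibility the abstract refers to.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Event = str
State = str


@dataclass
class SecurityAutomaton:
    """A security automaton in Schneider's sense: a set of states, an initial
    state, and a partial transition relation over security-relevant events.
    Any event with no defined transition from the current state violates
    the policy. (Constructed example, not ConSpec's own semantics rules.)"""
    initial: State
    transitions: Dict[Tuple[State, Event], State]

    def run(self, trace: List[Event]) -> Tuple[List[Event], Optional[Event]]:
        """Feed a trace through the automaton.

        Returns the longest accepted prefix and the first violating event
        (None if the whole trace is accepted). Because the policy is a safety
        property, a violation is always witnessed by a finite prefix, which is
        what lets one automaton act both as a runtime monitor (stop before the
        bad event) and as a checker over a trace computed before execution.
        """
        state = self.initial
        accepted: List[Event] = []
        for ev in trace:
            nxt = self.transitions.get((state, ev))
            if nxt is None:
                return accepted, ev          # violation: truncate here
            state = nxt
            accepted.append(ev)
        return accepted, None


# Constructed sample policy (not from the paper): a file handle must be opened
# before it is read, must not be used after it is closed, and may not be
# opened twice. Events are abstract names of security-relevant API calls.
FILE_HANDLE_POLICY = SecurityAutomaton(
    initial="closed",
    transitions={
        ("closed", "open"): "open",
        ("open", "read"): "open",
        ("open", "close"): "closed",
    },
)


def enforce(policy: SecurityAutomaton, trace: List[Event]) -> bool:
    """Offline-check view: True if the whole execution would be allowed."""
    _, violation = policy.run(trace)
    return violation is None


if __name__ == "__main__":
    for trace in (["open", "read", "read", "close"],
                  ["read"],
                  ["open", "close", "read"]):
        prefix, bad = FILE_HANDLE_POLICY.run(trace)
        verdict = "accepted" if bad is None else f"truncated before {bad!r} after {prefix}"
        print(trace, "->", verdict)
```

The transition table is the whole policy: adding an event or a state changes what is enforced, and nothing else in the monitor has to change. That separation is exactly what makes an automata-based specification amenable to static checking, inlining, and runtime monitoring alike.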
