Enforceable security policies

A precise characterization is given for the class of security policies enforceable with mechanisms that work by monitoring system execution, and automata are introduced for specifying exactly that class of security policies. Techniques to enforce security policies specified by such automata are also discussed.
