Enforceable security policies

A precise characterization is given for the class of security policies that can be enforced using mechanisms that work by monitoring system execution, and a class of automata is introduced for specifying those security policies. Techniques to enforce security policies specified by such automata are also discussed.

READERS NOTE: A substantially revised version of this document is available at http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR99-1759
