Security Enforcement by Rewriting: An Algebraic Approach

This paper introduces a formal program-rewriting approach that automatically enforces security policies on untrusted programs. For a program P and a security policy \(\varPhi \), we generate another program \(P'\) that respects the security policy and behaves like P, except that it stops any execution path whenever the enforced security policy is about to be violated. The presented approach uses the \(\mathcal {E}BPA_{0,1}^*\) algebra, a variant of BPA (Basic Process Algebra) extended with variables, environments and conditions. Computing the expected enforced program \(P'\) reduces to solving a linear system, from which we already know how to extract the solution with a polynomial algorithm.
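The following is an added illustration, not code from the paper: it shows the enforcement-by-truncation behaviour the abstract describes (P' follows P but halts before the first policy-violating action) on a deliberately small model. Instead of the paper's \(\mathcal {E}BPA_{0,1}^*\) terms and linear-system solution, the program P and the safety policy \(\varPhi \) are both represented as finite labelled transition systems, and P' is obtained as their synchronous product with every transition that would enter a violation state removed. The class names (`LTS`, `SafetyPolicy`), the `enforce` function, the "no send after read_secret" policy and the sample program are all constructed here for the example.

```python
from typing import Dict, Hashable, List, Set, Tuple

Action = str
Trace = Tuple[Action, ...]


class LTS:
    """Finite labelled transition system: (state, action) -> next state.
    Constructed stand-in for a process term; not the paper's algebra."""

    def __init__(self, init: Hashable, trans: Dict[Tuple[Hashable, Action], Hashable]):
        self.init = init
        self.trans = dict(trans)

    def enabled(self, state: Hashable) -> List[Tuple[Action, Hashable]]:
        return [(a, s2) for (s, a), s2 in self.trans.items() if s == state]

    def maximal_traces(self, bound: int = 16) -> Set[Trace]:
        """All runs from the initial state that end where no action is enabled
        (or at `bound` steps, to stay finite on cyclic systems)."""
        out: Set[Trace] = set()
        stack = [(self.init, ())]
        while stack:
            s, t = stack.pop()
            succ = self.enabled(s)
            if not succ or len(t) >= bound:
                out.add(t)
                continue
            for a, s2 in succ:
                stack.append((s2, t + (a,)))
        return out


class SafetyPolicy:
    """Deterministic automaton over actions; entering a state in `bad` is a
    violation. Unlisted (state, action) pairs leave the state unchanged."""

    def __init__(self, init: Hashable, trans: Dict[Tuple[Hashable, Action], Hashable], bad):
        self.init, self.trans, self.bad = init, dict(trans), frozenset(bad)

    def step(self, q: Hashable, a: Action) -> Hashable:
        return self.trans.get((q, a), q)

    def accepts(self, trace: Trace) -> bool:
        q = self.init
        for a in trace:
            q = self.step(q, a)
            if q in self.bad:
                return False
        return True


def enforce(program: LTS, policy: SafetyPolicy) -> LTS:
    """Rewrite `program` into P': the reachable product of program and policy,
    minus every transition whose action would take the policy into a bad
    state. Dropping the transition is what makes P' stop at that point."""
    init = (program.init, policy.init)
    trans: Dict[Tuple[Hashable, Action], Hashable] = {}
    todo, seen = [init], {init}
    while todo:
        p, q = todo.pop()
        for a, p2 in program.enabled(p):
            q2 = policy.step(q, a)
            if q2 in policy.bad:
                continue  # about to violate the policy: truncate here
            nxt = (p2, q2)
            trans[((p, q), a)] = nxt
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return LTS(init, trans)


def is_prefix_of_some(t: Trace, traces: Set[Trace]) -> bool:
    """Transparency check: every trace of P' must be a prefix of a trace of P."""
    return any(u[: len(t)] == t for u in traces)


# Constructed sample program: three branches, two of which leak a secret.
PROGRAM = LTS(0, {
    (0, "read_secret"): 1, (1, "send"): 3, (1, "log"): 4,
    (0, "send"): 2, (2, "read_secret"): 5, (5, "send"): 6,
})

# Constructed policy: no "send" once "read_secret" has happened.
NO_LEAK = SafetyPolicy(
    "clean",
    {("clean", "read_secret"): "tainted", ("tainted", "send"): "violated"},
    bad={"violated"},
)

ENFORCED = enforce(PROGRAM, NO_LEAK)

if __name__ == "__main__":
    print("P  :", sorted(PROGRAM.maximal_traces()))
    print("P' :", sorted(ENFORCED.maximal_traces()))
```

Running the block shows P offering the traces `read_secret;send`, `read_secret;log` and `send;read_secret;send`, while P' keeps only `read_secret;log` and `send;read_secret`: the first leaking branch loses its `send` but still continues with `log`, and the third branch is cut short after `read_secret`, which is exactly a truncated prefix of the original run. The product construction is linear in the size of P times the size of the policy automaton, which is the same order of cost the abstract attributes to its polynomial solution procedure, although the paper's algebraic treatment also handles variables and conditions that this finite-state sketch does not.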
