Quantitative Evaluation of Enforcement Strategies

Position Paper

  • Conference paper
Foundations and Practice of Security (FPS 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8352)

Abstract

A security enforcement mechanism runs in parallel with a system to check and modify its run-time behaviour, so that it satisfies some security policy. For each policy, several enforcement strategies are possible, usually reflecting trade-offs one has to make to satisfy the policy. To evaluate them, multiple dimensions, such as security, cost of implementation, or cost of attack, must be taken into account. We propose a formal framework for the quantification of enforcement strategies, extending the notion of controller processes (mimicking the well-known edit automata) with weights on transitions, valued in a semiring.

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grants no 256980 (NESSoS) and no 295354 (SESAMO). This work has also been partially supported by the TENACE PRIN Project (no 20103P34XC) funded by the Italian Ministry of Education, University and Research.



Correspondence to Matteucci Ilaria.


© 2014 Springer International Publishing Switzerland

Cite this paper

Ciancia, V., Martinelli, F., Ilaria, M., Morisset, C. (2014). Quantitative Evaluation of Enforcement Strategies. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science, vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_11

  • DOI: https://doi.org/10.1007/978-3-319-05302-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05301-1

  • Online ISBN: 978-3-319-05302-8

  • eBook Packages: Computer Science (R0)
