Abstract
The current theory of runtime enforcement evaluates an enforcement mechanism against two properties: soundness and transparency. Soundness requires that the output is always good (“no bad traces slip out”), and transparency requires that good input is not changed (“no surprises on good traces”). In practical applications, however, it also matters how bad traces are fixed, so that the system exhibits reasonable behaviour. We propose a new notion of predictability, defined in the same spirit as continuity in real analysis: it requires that there are “no surprises on bad input” either. We discuss this idea based on feedback from an industrial e-Health case study.
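The three properties named in the abstract, made concrete as an added Python illustration that is not part of the paper and does not reproduce its formal definitions. Everything in it is assumed: a hypothetical policy (“send” is allowed only immediately after “encrypt”), two textbook enforcers (truncation, which halts at the first violation, and suppression, which drops only the offending action), a three-action alphabet, and Levenshtein edit distance as the metric on traces. Soundness and transparency are checked exhaustively over short traces; the predictability probe asks, in the spirit of continuity, how far two outputs can drift apart when their inputs differ by a single action.

```python
"""Soundness, transparency and a continuity-style predictability probe for two
toy enforcement mechanisms over finite action traces.

Added illustration, not code from the paper: the policy, the two enforcers,
the action alphabet and the choice of Levenshtein edit distance as the metric
on traces are all assumptions made here to make the three properties concrete.
"""
from itertools import product

ACTIONS = ("encrypt", "send", "write")  # assumed action alphabet


def is_good(trace):
    """Assumed policy: every 'send' must be immediately preceded by 'encrypt'.
    It is prefix-closed (a safety property), so a monitor can decide it one
    action at a time."""
    return all(a != "send" or (i > 0 and trace[i - 1] == "encrypt")
               for i, a in enumerate(trace))


def enforce_truncate(trace):
    """Truncation: halt the program at the first action that would violate the policy."""
    out = []
    for a in trace:
        if not is_good(out + [a]):
            break
        out.append(a)
    return tuple(out)


def enforce_suppress(trace):
    """Suppression: drop only the offending action and let the program continue."""
    out = []
    for a in trace:
        if is_good(out + [a]):
            out.append(a)
    return tuple(out)


def levenshtein(s, t):
    """Edit distance between two traces (insertions, deletions, substitutions)."""
    prev = list(range(len(t) + 1))
    for i, a in enumerate(s, 1):
        cur = [i]
        for j, b in enumerate(t, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a != b)))
        prev = cur
    return prev[-1]


def all_traces(max_len):
    """Every trace over ACTIONS of length 0..max_len (exhaustive, so the checks are exact)."""
    return [t for n in range(max_len + 1) for t in product(ACTIONS, repeat=n)]


def is_sound(enforcer, max_len=4):
    """No bad trace slips out: every output satisfies the policy."""
    return all(is_good(enforcer(t)) for t in all_traces(max_len))


def is_transparent(enforcer, max_len=4):
    """No surprises on good traces: good input passes through unchanged."""
    return all(enforcer(t) == t for t in all_traces(max_len) if is_good(t))


def worst_output_jump(enforcer, max_len=4):
    """Continuity-style predictability probe: over all pairs of inputs at edit
    distance 1, the largest edit distance between the corresponding outputs,
    plus a witness pair. A value that grows with max_len means one extra or
    changed action can change the observable behaviour arbitrarily much."""
    traces = all_traces(max_len)
    outputs = {t: enforcer(t) for t in traces}
    worst, witness = 0, ((), ())
    for x in traces:
        for y in traces:
            if levenshtein(x, y) == 1:
                d = levenshtein(outputs[x], outputs[y])
                if d > worst:
                    worst, witness = d, (x, y)
    return worst, witness


if __name__ == "__main__":
    for name, enf in (("truncate", enforce_truncate), ("suppress", enforce_suppress)):
        print(name, "sound:", is_sound(enf), "transparent:", is_transparent(enf))
        for n in (2, 3, 4):
            jump, (x, y) = worst_output_jump(enf, n)
            print(f"  max_len={n}: worst output jump {jump} for inputs {x} vs {y}")
```

Both enforcers are sound and transparent, so the two classical properties do not distinguish them. The probe does: under truncation the worst output jump equals the trace length bound (one early bare “send” silently discards everything that follows), while under suppression it stays at 2 however long the traces get, which is the kind of “no surprises on bad input” guarantee the abstract is after. Whether a given enforcer counts as predictable under the paper's own definition depends on the metric and threshold it adopts, which this illustration does not reproduce.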
We would like to thank Marta Zambetti, Marco Nalin, Andrea Micheletti and Daniela Marino from the Hospital San Raffaele for many useful discussions that helped to shape our proposal. This work has been partly supported by the EU under the projects EU-IP-MASTER, EU-FET-IP-SecureChange and EU-NoE-NESSoS.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Bielova, N., Massacci, F. (2011). Predictability of Enforcement. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_6
DOI: https://doi.org/10.1007/978-3-642-19125-1_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19124-4
Online ISBN: 978-3-642-19125-1