Lazy Security Controllers

  • Conference paper
Security and Trust Management (STM 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7783)

Abstract

Security controllers follow the execution of target systems to prevent security violations. By proactively observing the target, they can catch security violations before they occur and act accordingly, for example by interrupting the execution. In this paper we define a novel category of security controllers called lazy controllers, a conservative extension of standard controllers which routinely suspend the observation of the target for different time spans, in order to reduce the cost of monitoring and increase performance, at the expense of the possibility of missing a violation.

We show how a proactive truncation controller can be extended to the lazy setting, and we formally characterize the relation between the length of suspended time spans and the actual violation risk, which constitutes the formal ground of our approach. This allows the actual time of suspension to be determined according to a given maximum bearable risk. Precisely, we formally investigate three classes of systems, namely non-deterministic, probabilistic, and stochastic systems.

This work has been partially supported by EU-funded projects FP7-257876 SPaCIoS.

This work started when the three authors were employed at IIT-CNR, Pisa, Italy.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Caravagna, G., Costa, G., Pardini, G. (2013). Lazy Security Controllers. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_3

  • DOI: https://doi.org/10.1007/978-3-642-38004-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38003-7

  • Online ISBN: 978-3-642-38004-4

  • eBook Packages: Computer Science, Computer Science (R0)
