Abstract
Several points of view exist about security policies among which two main approaches can be distinguished: policies can be defined by some properties over states of a system or by some properties over executions of a system. While enforcing a policy specified by some properties over states is rather easy, designing enforcement mechanisms to ensure security properties over executions is more complex. However, enforcing a property over states is sometimes sufficient to ensure a property over executions. In this paper, we investigate these two approaches in order to provide a formal framework that permits to make the bridge between the definition of secure states and security properties over sequences of secure states corresponding to executions. Along the lines of this paper, we illustrate our definitions by considering access control policies defined as properties over states and flow properties over executions of a system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bell, D., LaPadula, L.: Secure Computer Systems: a Mathematical Model. Technical Report MTR-2547 (Vol. II), MITRE Corp., Bedford, MA (May 1973)
Doligez, D., Jaume, M., Rioboo, R.: Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment. In: Proceedings of the ACM SIGPLAN Seventh Workshop on Programming Languages and Analysis for Security (PLAS 2012), pp. 80–91. ACM (2012)
Geller, S., Hauser, C., Tronel, F., Viet Triem Tong, V.: Information flow control for intrusion detection derived from MAC policy. In: IEEE International Conference on Communications (ICC 2011) (2011)
Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the ACM 19, 461–471 (1976)
Jaume, M.: Security rules versus security properties. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 231–245. Springer, Heidelberg (2010)
Jaume, M.: Semantic comparison of security policies: From access control policies to flow properties. In: IEEE Symposium on Security and Privacy Workshops, pp. 60–67. IEEE Computer Society (2012)
Jaume, M., Viet Triem Tong, V., Mé, L.: Flow-based interpretation of access control: Detection of illegal information flows. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 72–86. Springer, Heidelberg (2011)
Khoury, R., Tawbi, N.: Which security policies are enforceable by runtime monitors? a survey. Computer Science Review 6(1), 27–45 (2012)
Ligatti, J., Reddy, S.: A theory of runtime enforcement, with results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)
Sandhu, R.S.: On five definitions of data integrity. In: Database Security, VII: Status and Prospects. In: Proceedings of the IFIP WG11.3 Working Conference on Database Security. IFIP Transactions, vol. A-47, pp. 257–267 (1993)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Sandhu, R.S.: Lattice-based access control models. IEEE Computer 26(11), 9–19 (1993)
Viet Triem Tong, V., Clark, A., Mé, L.: Specifying and enforcing a fined-grained information flow policy: Model and experiments. Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications, JOWUA (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jaume, M., Andriatsimandefitra, R., Tong, V.V.T., Mé, L. (2013). Secure States versus Secure Executions. In: Bagchi, A., Ray, I. (eds) Information Systems Security. ICISS 2013. Lecture Notes in Computer Science, vol 8303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45204-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-45204-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45203-1
Online ISBN: 978-3-642-45204-8
eBook Packages: Computer ScienceComputer Science (R0)