Secure States versus Secure Executions

From Access Control to Flow Control

  • Conference paper

Information Systems Security (ICISS 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8303)

Abstract

Several points of view exist about security policies, among which two main approaches can be distinguished: policies can be defined by properties over the states of a system or by properties over the executions of a system. While enforcing a policy specified by properties over states is rather easy, designing enforcement mechanisms that ensure security properties over executions is more complex. However, enforcing a property over states is sometimes sufficient to ensure a property over executions. In this paper, we investigate these two approaches in order to provide a formal framework that bridges the definition of secure states and security properties over sequences of secure states corresponding to executions. Throughout the paper, we illustrate our definitions by considering access control policies defined as properties over states and flow properties over executions of a system.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jaume, M., Andriatsimandefitra, R., Tong, V.V.T., Mé, L. (2013). Secure States versus Secure Executions. In: Bagchi, A., Ray, I. (eds) Information Systems Security. ICISS 2013. Lecture Notes in Computer Science, vol 8303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45204-8_11

  • DOI: https://doi.org/10.1007/978-3-642-45204-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-45203-1

  • Online ISBN: 978-3-642-45204-8

  • eBook Packages: Computer Science, Computer Science (R0)
