ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Enforceable security policies
Full text PdfPdf (148 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 3 ,  Issue 1  (February 2000) table of contents
Pages: 30 - 50  
Year of Publication: 2000
ISSN:1094-9224
Author
Fred B. Schneider  Cornell Univ., Ithaca, NY
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 50,   Downloads (12 Months): 370,   Citation Count: 114
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/353323.353382
What is a DOI?

ABSTRACT

A precise characterization is given for the class of security policies enforceable with mechanisms that work by monitoring system execution, and automata are introduced for specifying exactly that class of security policies. Techniques to enforce security policies specified by such automata are also discussed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
ALPERN, B. AND SCHNEIDER, F. B. 1985. Defining liveness. Inf. Process. Lett. 21, 4 (Oct.), 181-185.
 
2
ALPERN, B. AND SCHNEIDER, F. B. 1987. Recognizing safety and liveness. Distrib. Comput. 2, 117-126.
3
Bowen Alpern , Fred B. Schneider, Verifying temporal properties without temporal logic, ACM Transactions on Programming Languages and Systems (TOPLAS), v.11 n.1, p.147-167, Jan. 1989  [doi>10.1145/59287.62028]
4
Edsger W. Dijkstra, Guarded commands, nondeterminacy and formal derivation of programs, Communications of the ACM, v.18 n.8, p.453-457, Aug. 1975  [doi>10.1145/360933.360975]
5
Guy Edjlali , Anurag Acharya , Vipin Chaudhary, History-based access control for mobile code, Proceedings of the 5th ACM conference on Computer and communications security, p.38-48, November 02-05, 1998, San Francisco, California, United States  [doi>10.1145/288090.288102]
 
6
Samuel Eilenberg, Automata, Languages, and Machines, Academic Press, Inc., Orlando, FL, 1974
7
Úlfar Erlingsson , Fred B. Schneider, SASI enforcement of security policies: a retrospective, Proceedings of the 1999 workshop on New security paradigms, p.87-95, September 22-24, 1999, Caledon Hills, Ontario, Canada  [doi>10.1145/335169.335201]
 
8
EVANS, D. AND TWYMAN, A. 1999. Policy-directed code safety. In Proceedings of the 1999 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, CA, May), IEEE Computer Society Press, Los Alamitos, CA, 32-45.
 
9
Virgil D. Gligor, A note on denial-of-service in operating systems, IEEE Transactions on Software Engineering, v.10 n.3, p.320-324, May 1984  [doi>10.1109/TSE.1984.5010241]
 
10
GLIGOR, V. D., GAVRILA, S., AND FERRAIOLO, D. 1998. On the formal definition of separationof-duty policies and their composition. In Proceedings of the 1998 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, CA, May), IEEE Computer Society Press, Los Alamitos, CA, 172-183.
 
11
GOGUEN, g. A. AND MESEGUER, g. 1982. Security policies and security models. In Proceedings of the 1982 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, CA, May), IEEE Computer Society Press, Los Alamitos, CA, 11-20.
 
12
Li Gong, Java Security: Present and Near Future, IEEE Micro, v.17 n.3, p.14-19, May 1997  [doi>10.1109/40.591650]
 
13
Robert Grimm , Brian N. Bershad, Providing policy-neutral and transparent access control in extensible systems, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
 
14
John E. Hopcroft , Jeffrey D. Ullman, Formal languages and their relation to automata, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1969
 
15
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
 
16
Neil D. Jones , Carsten K. Gomard , Peter Sestoft, Partial evaluation and automatic program generation, Prentice-Hall, Inc., Upper Saddle River, NJ, 1993
 
17
LAMPORT, L. 1977. Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. 3, 2 (Mar.), 125-143.
 
18
M. W. Alford , J. P. Ansart , G. Hommel , L. Lamport , B. Liskov , G. P. Mullery , F. B. Schneider, Distributed systems: methods and tools for specification. An advanced course, Springer-Verlag New York, Inc., New York, NY, 1985
 
19
LAMPSON, B. 1974. Protection. In Proceedings of the 5th Symposium on Information Sciences and Systems (Princeton, NJ, Mar.), 437-443.
 
20
Tim Lindholm , Frank Yellin, Java Virtual Machine Specification, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
 
21
MARCHUKOV, M. AND SULLIVAN, K. 1999. Reconciling behavioral mismatch through component restriction. CS 99-22. Department of Computer Science, University of Virginia, Charlottesville, VA. Technical Report
 
22
John McLean, A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions, Proceedings of the 1994 IEEE Symposium on Security and Privacy, p.79, May 16-18, 1994
23
Greg Morrisett , David Walker , Karl Crary , Neal Glew, From system F to typed assembly language, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.85-97, January 19-21, 1998, San Diego, California, United States  [doi>10.1145/268946.268954]
24
George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263712]
25
George C. Necula , Peter Lee, The design and implementation of a certifying compiler, ACM SIGPLAN Notices, v.33 n.5, p.333-344, May 1998
26
Linda M. Null , Johnny Wong, The DIAMOND security policy for object-oriented databases, Proceedings of the 1992 ACM annual conference on Communications, p.49-56, March 03-05, 1992, Kansas City, Missouri, United States  [doi>10.1145/131214.131221]
 
27
PANDEY, R. AND HASHII, B. 1998. Providing fine grained access control for mobile programs through binary editing. TR98 08. Department of Computer Science, University of California at Davis, Davis, CA.
 
28
RUSHBY, J. 1989. Kernels for safety? In Safe and Secure Computing Systems, T. Anderson, Ed. Blackwell Scientific Publications, Ltd., Oxford, UK, 210-220.
 
29
SALTZER, J. H. AND SCHROEDER, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sept.), 1278-1308.
 
30
SMALL, C. 1997. Misfit: A tool for constructing safe extensible C+ + systems. In Proceedings of the 3rd USENIX Conference on Object-Oriented Technologies (Portland, OR, June), USENIX Assoc., Berkeley, CA, 38-48.
 
31
STEFIK, M. 1996. Letting loose the light: Igniting commerce in electronic publication. In Internet Dreams, M. Stefik, Ed. MIT Press, Cambridge, MA.
32
Robert Wahbe , Steven Lucco , Thomas E. Anderson , Susan L. Graham, Efficient software-based fault isolation, Proceedings of the fourteenth ACM symposium on Operating systems principles, p.203-216, December 05-08, 1993, Asheville, North Carolina, United States
 
33
WIKA, K. G. AND KNIGHT, J. C. 1995. On the enforcement of software safety policies. In Proceedings of the lOth Annual IEEE Conference on Computer Assurance (COMPASS '95, Gaithersburg, MD, June), IEEE Computer Society Press, Los Alamitos, CA.
 
34
Authorization in Distributed Systems: A Formal Approach, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.33, May 04-06, 1992

CITED BY  114
David Walker , Karl Crary , Greg Morrisett, Typed memory management via static capabilities, ACM Transactions on Programming Languages and Systems (TOPLAS), v.22 n.4, p.701-771, July 2000
R. Sekar , C. R. Ramakrishnan , I. V. Ramakrishnan , S. A. Smolka, Model-Carrying Code (MCC): a new paradigm for mobile-code security, Proceedings of the 2001 workshop on New security paradigms, September 10-13, 2001, Cloudcroft, New Mexico
Charles E. Phillips, Jr. , T.C. Ting , Steven A. Demurjian, Information sharing and security in dynamic coalitions, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
Patrick Cousot , Radhia Cousot, Systematic design of program transformation frameworks by abstract interpretation, ACM SIGPLAN Notices, v.37 n.1, p.178-190, Jan. 2002
Steve Zdancewic , Lantian Zheng , Nathaniel Nystrom , Andrew C. Myers, Untrusted hosts and confidentiality: secure program partitioning, ACM SIGOPS Operating Systems Review, v.35 n.5, Dec. 2001
Robert Grimm , Brian N. Bershad, Separating access control policy, enforcement, and functionality in extensible systems, ACM Transactions on Computer Systems (TOCS), v.19 n.1, p.36-70, Feb. 2001
Thomas Ball , Sriram K. Rajamani, The SLAM project: debugging system software via static analysis, ACM SIGPLAN Notices, v.37 n.1, p.1-3, Jan. 2002
Kevin W. Hamlen , Greg Morrisett , Fred B. Schneider, Computability classes for enforcement mechanisms, ACM Transactions on Programming Languages and Systems (TOPLAS), v.28 n.1, p.175-205, January 2006
David Wagner , Paolo Soto, Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
Ian Welch , Robert J. Stroud, Using reflection as a mechanism for enforcing security policies on compiled code, Journal of Computer Security, v.10 n.4, p.399-432, December 2002
Panagiotis Manolios , Richard Trefler, A lattice-theoretic characterization of safety and liveness, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.325-333, July 13-16, 2003, Boston, Massachusetts
Gary McGraw , Greg Morrisett, Attacking Malicious Code: A Report to the Infosec Research Council, IEEE Software, v.17 n.5, p.33-41, September 2000
Shih-Chien Chou, Embedding role-based access control model in object-oriented systems to protect privacy, Journal of Systems and Software, v.71 n.1-2, p.143-161, April 2004
Vijay V. Raghavan, Toward an integrative model of application-software security, Practicing software engineering in the 21st century, Idea Group Publishing, Hershey, PA, 2003
R. Sekar , V.N. Venkatakrishnan , Samik Basu , Sandeep Bhatkar , Daniel C. DuVarney, Model-carrying code: a practical approach for safe execution of untrusted applications, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
Frédéric Besson , Thomas de Grenier de Latour , Thomas Jensen, Secure calling contexts for stack inspection, Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.76-87, October 06-08, 2002, Pittsburgh, PA, USA
Michael McDougall , Rajeev Alur , Carl A. Gunter, A model-based approach to integrating security policies for embedded devices, Proceedings of the 4th ACM international conference on Embedded software, September 27-29, 2004, Pisa, Italy
Yao-Wen Huang , Fang Yu , Christian Hang , Chung-Hung Tsai , Der-Tsai Lee , Sy-Yen Kuo, Securing web application code by static analysis and runtime protection, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA
Arnab Ray, Security check: a formal yet practical framework for secure software architecture, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland
J. J. Whitmore, A method for designing secure solutions, IBM Systems Journal, v.40 n.3, p.747-768, March 2001
Shih-Chien Chou, Providing flexible access control to an information flow control model, Journal of Systems and Software, v.73 n.3, p.425-439, November-December 2004
James Ezick, Resolving and applying constraint queries on context-sensitive analyses, Proceedings of the ACM-SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, June 07-08, 2004, Washington DC, USA
François Siewe , Antonio Cau , Hussein Zedan, A compositional framework for access control policies enforcement, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, p.32-42, October 30, 2003, Washington, D.C.
Alan Shieh , Dan Williams , Emin Gün Sirer , Fred B. Schneider, Nexus: a new operating system for trustworthy computing, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
Zaid Dwaikat , Francesco Parisi-Presicce, Risky trust: risk-based analysis of software systems, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
Christian Skalka, Trace effects and object orientation, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.139-150, July 11-13, 2005, Lisbon, Portugal
Lujo Bauer , Jay Ligatti , David Walker, Composing security policies with polymer, ACM SIGPLAN Notices, v.40 n.6, June 2005
François Pottier , Christian Skalka , Scott Smith, A systematic approach to static access control, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.2, p.344-382, March 2005
Karl Krukow , Mogens Nielsen , Vladimiro Sassone, A framework for concrete reputation-systems with applications to history-based access control, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Shih-Chien Chou , Chin-Yi Chang, An information flow control model for C applications based on access control lists, Journal of Systems and Software, v.78 n.1, p.84-100, October 2005
Prasad Naldurg , Roy H. Campbell, Dynamic access control: preserving safety and trust for network defense operations, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Massimo Bartoletti , Pierpaolo Degano , Gian Luigi Ferrari, Policy framings for access control, Proceedings of the 2005 workshop on Issues in the theory of security, p.5-11, January 10-11, 2005, Long Beach, California
Vir V. Phoha , Amit U. Nadgar , Asok Ray , Shashi Phoha, Supervisory Control of Software Systems, IEEE Transactions on Computers, v.53 n.9, p.1187-1199, September 2004
Susan J. Chinburg , Ramesh Sharda , Mark Weiser, Establishing the business value of network security using analytical hierarchy process, Creating business value with information technology: challenges and solutions, Idea Group Publishing, Hershey, PA, 2003
Ran Shaham , Eran Yahav , Elliot K. Kolodner , Mooly Sagiv, Establishing local temporal heap safety properties with applications to compile-time memory management, Science of Computer Programming, v.58 n.1-2, p.264-289, October 2005
James Rose , Nikhil Swamy , Michael Hicks, Dynamic inference of polymorphic lock types, Science of Computer Programming, v.58 n.3, p.366-383, December 2005
Joel Coburn , Srivaths Ravi , Anand Raghunathan , Srimat Chakradhar, SECA: security-enhanced communication architecture, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
Jacob Zimmermann , George Mohay, Distributed intrusion detection in clusters based on non-interference, Proceedings of the 2006 Australasian workshops on Grid computing and e-research, p.89-95, January 16-19, 2006, Hobart, Tasmania, Australia
Arnar Birgisson , Mohan Dhawan , Úlfar Erlingsson , Vinod Ganapathy , Liviu Iftode, Enforcing authorization policies using transactional memory introspection, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Lieven Desmet , Wouter Joosen , Fabio Massacci , Katsiaryna Naliuka , Pieter Philippaerts , Frank Piessens , Dries Vanoverberghe, A flexible security architecture to support third-party applications on mobile devices, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
Srijith K. Nair , Patrick N. D. Simpson , Bruno Crispo , Andrew S. Tanenbaum, A Virtual Machine Based Information Flow Control System for Policy Enforcement, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.3-16, February, 2008
Andreas Bauer , Jan Juerjens, Security protocols, properties, and their monitoring, Proceedings of the fourth international workshop on Software engineering for secure systems, p.33-40, May 17-18, 2008, Leipzig, Germany
Chamseddine Talhi , Nadia Tawbi , Mourad Debbabi, Execution monitoring enforcement under memory-limitation constraints, Information and Computation, v.206 n.2-4, p.158-184, February, 2008
F. Y. Huang , C. B. Jay , D. B. Skillicorn, Adaptiveness in well-typed Java bytecode verification, Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research, October 16-19, 2006, Toronto, Ontario, Canada
Dachuan Yu , Ajay Chander , Nayeem Islam , Igor Serikov, JavaScript instrumentation for browser security, ACM SIGPLAN Notices, v.42 n.1, January 2007
Therrezinha Fernandes , Jules Desharnais, Describing data flow analysis techniques with Kleene algebra, Science of Computer Programming, v.65 n.2, p.173-194, March, 2007
Krzysztof M. Brzezinski , Norbert Malinski, Reference specification issues in on-line verification by passive testing, Proceedings of the 24th IASTED international conference on Parallel and distributed computing and networks, p.186-191, February 14-16, 2006, Innsbruck, Austria
Kevin W. Hamlen , Greg Morrisett , Fred B. Schneider, Certified In-lined Reference Monitoring on .NET, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
Shin Nakajima , Tetsuo Tamai, Formal specification and analysis of JAAS framework, Proceedings of the 2006 international workshop on Software engineering for secure systems, May 20-21, 2006, Shanghai, China
K. Altisen , F. Maraninchi , D. Stauch, Aspect-oriented programming for reactive systems: Larissa, a proposal in the synchronous framework, Science of Computer Programming, v.63 n.3, p.297-320, 15 December 2006
Thomas Ball , Ella Bounimova , Byron Cook , Vladimir Levin , Jakob Lichtenberg , Con McGarvey , Bohus Ondrusek , Sriram K. Rajamani , Abdullah Ustuner, Thorough static analysis of device drivers, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
Irem Aktug , Katsiaryna Naliuka, ConSpec -- A Formal Language for Policy Specification, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.45-58, February, 2008
Galen C. Hunt , James R. Larus , David Tarditi , Ted Wobber, Broad new OS research: challenges and opportunities, Proceedings of the 10th conference on Hot Topics in Operating Systems, p.15-15, June 12-15, 2005, Santa Fe, NM
David Brumley , Dawn Song, Privtrans: automatically partitioning programs for privilege separation, Proceedings of the 13th conference on USENIX Security Symposium, p.5-5, August 09-13, 2004, San Diego, CA
Arie Orlovsky , Danny Raz, Decentralized enforcement of security policies for distributed computational systems, Proceedings of the 2007 ACM symposium on Applied computing, March 11-15, 2007, Seoul, Korea
Trent Jaeger , Reiner Sailer , Yogesh Sreenivasan, Managing the risk of covert information flows in virtual machine systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Fabio Martinelli , Ilaria Matteucci, An Approach for the Specification, Verification and Synthesis of Secure Systems, Electronic Notes in Theoretical Computer Science (ENTCS), 168, p.29-43, February, 2007
David Basin , Ernst-Ruediger Olderog , Paul E. Sevinc, Specifying and analyzing security automata using CSP-OZ, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
Anderson Santana de Oliveira, Rewriting-Based Access Control Policies, Electronic Notes in Theoretical Computer Science (ENTCS), v.171 n.4, p.59-72, July, 2007
David Aspinall , Lennart Beringer , Martin Hofmann , Hans-Wolfgang Loidl , Alberto Momigliano, A program logic for resources, Theoretical Computer Science, v.389 n.3, p.411-445, December, 2007
Ilaria Matteucci, Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting, Electronic Notes in Theoretical Computer Science (ENTCS), 186, p.101-120, July, 2007
Sanna Tuohimaa , Ville Leppänen, A compact aspect-based security monitor for J2ME applications, Proceedings of the 2007 international conference on Computer systems and technologies, June 14-15, 2007, Bulgaria
Scott C.-H. Huang , Kia Makki , Niki Pissinou, On optimizing compatible security policies in wireless networks, EURASIP Journal on Wireless Communications and Networking, v.2006 n.2, p.71-71, April 2006
Timothy E. Levin , Cynthia E. Irvine , Clark Weissman , Thuy D. Nguyen, Analysis of three multilevel security architectures, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and obligations in policy management and security applications, Proceedings of the 28th international conference on Very Large Data Bases, p.502-513, August 20-23, 2002, Hong Kong, China
Douglas R. Smith, Requirement enforcement by transformation automata, Proceedings of the 6th workshop on Foundations of aspect-oriented languages, p.5-14, March 13-13, 2007, Vancouver, British Columbia, Canada
Fabio Martinell , Ilaria Matteucci, Through Modeling to Synthesis of Security Automata, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.31-46, July, 2007
Martin Sulzmann , Răzvan Voicu, Language-Based Program Verification via Expressive Types, Electronic Notes in Theoretical Computer Science (ENTCS), v.174 n.7, p.129-147, June, 2007
Philip W. L. Fong, Reasoning about safety properties in a JVM-like environment, Science of Computer Programming, v.67 n.2-3, p.278-300, July, 2007
Tom Chothia , Dominic Duggan, Capability passing processes, Science of Computer Programming, v.66 n.3, p.184-204, May, 2007
Stephen McCamant , Michael D. Ernst, A simulation-based proof technique for dynamic information flow, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Anish Arora , Marvin Theimer, On modeling and tolerating incorrect software, Journal of High Speed Networks, v.14 n.2, p.109-134, April 2005
Dries Vanoverberghe , Frank Piessens, Supporting Security Monitor-Aware Development, Proceedings of the Third International Workshop on Software Engineering for Secure Systems, p.2, May 20-26, 2007
Mark Reith , Jianwei Niu , William H. Winsborough, Engineering Trust Management into Software Models, Proceedings of the International Workshop on Modeling in Software Engineering, p.9, May 20-26, 2007
Frédéric Besson , Thomas De Grenier DeLatour , Thomas Jensen, Interfaces for stack inspection, Journal of Functional Programming, v.15 n.2, p.179-217, March 2005
Gianluigi Ferrari , Eugenio Moggi , Rosario Pugliese, MetaKlaim: a type safe multi-stage language for global computing, Mathematical Structures in Computer Science, v.14 n.3, p.367-395, June 2004
Tom Goovaerts , Bart De Win , Wouter Joosen, Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.31-43, February, 2008
Peter Thiemann, Program specialization for execution monitoring, Journal of Functional Programming, v.13 n.3, p.573-600, May 2003
Christian Skalka, Types and trace effects for object orientation, Higher-Order and Symbolic Computation, v.21 n.3, p.239-282, September 2008
Thomas E. Hart , Marsha Chechik , David Lie, Security benchmarking using partial verification, Proceedings of the 3rd conference on Hot topics in security, p.1-6, July 29, 2008, San Jose, CA
Keith Irwin , Ting Yu , William H. Winsborough, Enforcing security properties in task-based systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
David Aspinall , Patrick Maier , Ian Stark, Monitoring External Resources in Java MIDP, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.17-30, February, 2008
Pascal Fradet , Stéphane Hong Tuan Ha, Aspects of availability, Proceedings of the 6th international conference on Generative programming and component engineering, October 01-03, 2007, Salzburg, Austria
Sean Peisert , Matt Bishop , Keith Marzullo, Computer forensics in forensis, ACM SIGOPS Operating Systems Review, v.42 n.3, April 2008
Julien Brunel , Frédéric Cuppens , Nora Cuppens , Thierry Sans , Jean-Paul Bodeveix, Security policy compliance with violation management, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.31-40, November 02-02, 2007, Fairfax, Virginia, USA
David Aspinall , Lennart Beringer , Alberto Momigliano, Optimisation Validation, Electronic Notes in Theoretical Computer Science (ENTCS), v.176 n.3, p.37-59, July, 2007
Christian Skalka , Scott Smith , David Van horn, Types and trace effects of higher order programs, Journal of Functional Programming, v.18 n.2, p.179-249, March 2008
Arshad Jhumka , Felix Freiling , Christof Fetzer , Neeraj Suri, An approach to synthesise safe systems, International Journal of Security and Networks, v.1 n.1/2, p.62-74, September 2006
Anderson Santana de Oliveira , Eric Ke Wang , Claude Kirchner , Helene Kirchner, Weaving rewrite-based access control policies, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.71-80, November 02-02, 2007, Fairfax, Virginia, USA
Karl Krukow , Mogens Nielsen , Vladimiro Sassone, A logical framework for history-based access control and reputation systems, Journal of Computer Security, v.16 n.1, p.63-101, January 2008
Daniel S. Dantas , David Walker , Geoffrey Washburn , Stephanie Weirich, AspectML: A polymorphic aspect-oriented functional programming language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.30 n.3, p.1-60, May 2008
Fabio Massacci , Ida S. R. Siahaan, Simulating midlet's security claims with automata modulo theory, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Kevin W. Hamlen , Micah Jones, Aspect-oriented in-lined reference monitors, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Nikhil Swamy , Michael Hicks, Verified enforcement of stateful information release policies, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Irem Aktug , Katsiaryna Naliuka, ConSpec – A formal language for policy specification, Science of Computer Programming, v.74 n.1-2, p.2-12, December, 2008
Sean Peisert , Matt Bishop , Sidney Karin , Keith Marzullo, Analysis of Computer Intrusions Using Sequences of Function Calls, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.137-150, April 2007
Walter Chang , Brandon Streiff , Calvin Lin, Efficient and extensible security enforcement using dynamic data flow analysis, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Phu H. Phung , David Sands , Andrey Chudnov, Lightweight self-protecting JavaScript, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Jay Ligatti , Lujo Bauer , David Walker, Run-Time Enforcement of Nonsafety Policies, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-41, January 2009
Chamseddine Talhi , Nadia Tawbi , Mourad Debbabi, Execution monitoring enforcement for limited-memory systems, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Prathima Rao , Dan Lin , Elisa Bertino , Ninghui Li , Jorge Lobo, An algebra for fine-grained integration of XACML policies, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Marco Pistoia , Úlfar Erlingsson, Programming languages and program analysis for security: a three-year retrospective, ACM SIGPLAN Notices, v.43 n.12, December 2008
Danièle Beauquier , Joëlle Cohen , Ruggero Lanotte, Security Policies Enforcement Using Finite Edit Automata, Electronic Notes in Theoretical Computer Science (ENTCS), v.229 n.3, p.19-35, July, 2009
Nikhil Swamy , Michael Hicks, Verified enforcement of stateful information release policies, ACM SIGPLAN Notices, v.43 n.12, December 2008
Dries Vanoverberghe , Frank Piessens, Security enforcement aware software development, Information and Software Technology, v.51 n.7, p.1172-1185, July, 2009
Fei Yan , Philip W. L. Fong, Efficient IRM enforcement of history-based access control policies, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Yliès Falcone , Jean-Claude Fernandez , Laurent Mounier, Enforcement monitoring wrt. the safety-progress classification of properties, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
Isao Yagi , Yoshiaki Takata , Hiroyuki Seki, A Labeled Transition Model A-LTS for History-Based Aspect Weaving and Its Expressive Power, IEICE - Transactions on Information and Systems, v.E90-D n.5, p.799-807, May 2007
Brian W. DeVries , Gopal Gupta , Kevin W. Hamlen , Scott Moore , Meera Sridhar, ActionScript bytecode verification with co-logic programming, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, June 15-21, 2009, Dublin, Ireland
Ninghui Li , Qihua Wang , Wahbeh Qardaji , Elisa Bertino , Prathima Rao , Jorge Lobo , Dan Lin, Access control policy combining: theory meets practice, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Hakima Ould-Slimane , Mohamed Mejri , Kamel Adi, Enforcing Security Policies on Programs, Proceeding of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06, p.195-207, May 28, 2006
Rohit Chadha , A. Prasad Sistla , Mahesh Viswanathan, On the expressiveness and complexity of randomization in finite state monitors, Journal of the ACM (JACM), v.56 n.5, p.1-44, August 2009
Lamia Hamza , Kamel Adi, Formal Technique for Discovering Complex Attacks in Computer Systems, Proceeding of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07, p.185-199, June 11, 2007
Massimo Bartoletti , Pierpaolo Degano , Gian-Luigi Ferrari , Roberto Zunino, Local policies for resource usage analysis, ACM Transactions on Programming Languages and Systems (TOPLAS), v.31 n.6, p.1-43, August 2009

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.9 Management
          Subjects: Software configuration management
  D.4 OPERATING SYSTEMS

  F. Theory of Computation
  F.1 COMPUTATION BY ABSTRACT DEVICES
      F.1.1 Models of Computation
          Subjects: Automata (e.g., finite, push-down, resource-bounded)
  F.3 LOGICS AND MEANINGS OF PROGRAMS
      F.3.1 Specifying and Verifying and Reasoning about Programs
          Subjects: Specification techniques

  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.4 Electronic Commerce
          Subjects: Security


General Terms:
Security


Keywords:
EM security policies, SASI, inlined reference monitors, proof carrying code, safety properties, security automata, security policies


REVIEW

"Jaak Tepandi : Reviewer"

A security policy defines execution that, for one reason or another, has been deemed unacceptable. For example, a security policy might concern access control, information flow or availability. The practicality of a security policy depends on  more...

Collaborative Colleagues:
Fred B. Schneider: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player