REWRITING-BASED SECURITY ENFORCEMENT OF CONCURRENT SYSTEMS - A Formal Approach

Mahjoub Langar, Mohamed Mejri, Kamel Adi

Abstract

Program security enforcement is designed to ensure that a program respects a given security policy, which generally specifies the acceptable executions of that program. In general, enforcement is achieved by adding controls (tests) inside the target program or process. The major drawback of existing techniques, especially those dedicated to concurrent languages, is either their lack of precision or their inefficiency. This paper proposes an efficient, algebraic and fully automatic approach to program security enforcement: given a concurrent program P and a security policy f, it automatically generates another program P′ that satisfies f and behaves like P, except that it stops when P tries to violate the security policy f.



Paper Citation


in Harvard Style

Langar M., Mejri M. and Adi K. (2010). REWRITING-BASED SECURITY ENFORCEMENT OF CONCURRENT SYSTEMS - A Formal Approach. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 66-74. DOI: 10.5220/0002996100660074


in Bibtex Style

@conference{secrypt10,
author={Mahjoub Langar and Mohamed Mejri and Kamel Adi},
title={REWRITING-BASED SECURITY ENFORCEMENT OF CONCURRENT SYSTEMS - A Formal Approach},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={66-74},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002996100660074},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - REWRITING-BASED SECURITY ENFORCEMENT OF CONCURRENT SYSTEMS - A Formal Approach
SN - 978-989-8425-18-8
AU - Langar M.
AU - Mejri M.
AU - Adi K.
PY - 2010
SP - 66
EP - 74
DO - 10.5220/0002996100660074