enforceable security policies revisited
play

Enforceable Security Policies Revisited David Basin 1 e 2 Vincent - PowerPoint PPT Presentation

May 05, 2023 •103 likes •371 views

Enforceable Security Policies Revisited David Basin 1 e 2 Vincent Jug Felix Klaedtke 1 alinescu 1 Eugen Z 1 Institute of Information Security, ETH Zurich, Switzerland 2 MINES ParisTech, France POST 2012 Basin, Jug e, Klaedtke, Z

  1. Enforceable Security Policies Revisited David Basin 1 e 2 Vincent Jug´ Felix Klaedtke 1 alinescu 1 Eugen Z˘ 1 Institute of Information Security, ETH Zurich, Switzerland 2 MINES ParisTech, France POST 2012 Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 1 / 16

  2. Security Policies Come in all Shapes and Sizes History-Based Access Control Chinese Wall Information Flow Separation of Duty Business Regulations Data Usage Privacy Estonian Law . . . Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 2 / 16

  3. Security Policies Come in all Shapes and Sizes History-Based Access Control Chinese Wall Information Flow Separation of Duty Business Regulations Data Usage Privacy Estonian Law . . . Which of these are enforceable? Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 2 / 16

  4. Enforcement by Execution Monitoring Enforceable Security Policies F. Schneider, TISSEC 2000 Abstract Setting System iteratively executes actions Enforcement mechanism intercepts them System (prior to their execution) allowed Enforcement mechanism terminates action? system in case of violation Enforcement Mechanism Main Concerns match with reality? ⇒ ⇒ ⇒ enforceable safety ���⇐ ⇐ ⇐ Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 3 / 16

  5. Follow-Up Work SASI Enforcement of Security Policies ´ U. Erlingsson and F. Schneider, NSPW 1999 IRM Enforcement of Java Stack Inspection ´ U. Erlingsson and F. Schneider, S&P 2000 Access Control by Tracking Shallow Execution History P. Fong, S&P 2004 Edit Automata: Enforcement Mechanisms for Run-Time Security Properties J. Ligatti, L. Bauer, and D. Walker, IJIS 2005 Computability classes for enforcement mechanisms K. Hamlen, G. Morrisett, and F. Schneider, TISSEC 2006 Run-Time Enforcement of Nonsafety Policies J. Ligatti, L. Bauer, and D. Walker, TISSEC 2009 A Theory of Runtime Enforcement, with Results J. Ligatti and S. Reddy, ESORICS 2010 Do you really mean what you actually enforced? N. Bielova and F. Massacci, IJIS 2011 Runtime Enforcement Monitors: Composition, Synthesis and Enforcement Abilities Y. Falcone, L. Mounier, J.-C. Fernandez, and J.-L. Richier, FMSD 2011 Service Automata R. Gay, H. Mantel, and B. Sprick, FAST 2011 Enforceable Policies Revisited D. Basin, V. Jug´ e, F. Klaedtke, and E. Z˘ alinescu, POST 2012 . . . Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 4 / 16

  6. Enforcement by Execution Monitoring (Fundamental Open Question) Match with Reality Limited Understanding Can we refine Schneider’s Schneider: enforceable ⇒ safety abstraction? Necessary and sufficient condition? Our Solution Refined abstract setting by distinguishing between observable and controllable actions: clock tick administrative actions user actions Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 5 / 16

  7. Contributions 1 Formalization and Characterization of Enforceability 2 Realizability of Enforcement Mechanisms Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 6 / 16

  8. Refined Abstract Setting Actions Traces Set of actions Σ = O ∪ C : Trace universe U ⊆ Σ ∞ : O = { observable actions } U � = ∅ C = { controllable actions } U prefix-closed Example: request · tick · deliver · tick · tick · request · deliver · tick . . . ∈ U Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 7 / 16

  9. Refined Abstract Setting Actions Traces Set of actions Σ = O ∪ C : Trace universe U ⊆ Σ ∞ : O = { observable actions } U � = ∅ C = { controllable actions } U prefix-closed Example: request · tick · deliver · tick · tick · request · deliver · tick . . . ∈ U Requirements (on the Enforcement Mechanism) Computability : Make decisions Soundness : Prevent policy-violating traces Transparency : Allow policy-compliant traces Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 7 / 16

  10. Formalization Enforcement Mechanism action System a n Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 8 / 16

  11. Formalization Enforcement Mechanism . . . a n . . . action a 1 a 2 1 a n # System − a n DTM Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 8 / 16

  12. Formalization Enforcement Mechanism . . . a n . . . action a 1 a 2 1 a n a n + 1 System − a n + 1 DTM Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 8 / 16

  13. Formalization Enforcement Mechanism . . . a n . . . action a 1 a 2 1 a n a n + 1 System − a n + 1 DTM Definition P ⊆ ( O ∪ C ) ∞ is enforceable in U def ⇐ ⇒ exists DTM M with ε ∈ L ( M ) 1 “ M accepts the empty trace” M halts on inputs in � trunc ( L ( M )) · ( O ∪ C ) � ∩ U 2 “ M either permits or denies intercepted action” � � M accepts inputs in trunc ( L ( M )) · O ∩ U 3 “ M permits intercepted observable action” � � trunc ( L ( M )) ∩ U = P ∩ U limitclosure 4 “soundness ( ⊆ ) and transparency ( ⊇ )” Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 8 / 16

  14. Examples Setting Controllable actions: C = { login , request , deliver } Observable actions: O = { tick , fail } Set of actions: Σ = C ∪ O Trace universe: U = Σ ∗ ∪ (Σ ∗ · { tick } ) ω Policies 1 “ login must not happen within 3 time units after a fail .” 2 “each request must be followed by a deliver within 3 time units.” Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 9 / 16

  15. Examples Setting Controllable actions: C = { login , request , deliver } Observable actions: O = { tick , fail } Set of actions: Σ = C ∪ O Trace universe: U = Σ ∗ ∪ (Σ ∗ · { tick } ) ω Policies 1 “ login must not happen within 3 time units after a fail .” ⇒ enforceable 2 “each request must be followed by a deliver within 3 time units.” ⇒ not enforceable Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 9 / 16

  16. Evolution of Safety Early Definitions L. Lamport, 1977: “A safety property is one which states that something bad will not happen.” B. Alpern and F. Schneider, 1986: A property P ⊆ Σ ω is ω -safety if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / ∀ σ ∈ Σ ω . σ / ∈ P → � ∈ P � Folklore: A property P ⊆ Σ ∞ is ∞ -safety if ∃ i ∈ N . ∀ τ ∈ Σ ∞ . σ < i · τ / � � ∀ σ ∈ Σ ∞ . σ / ∈ P → ∈ P T. Henzinger, 1992: A property P ⊆ Σ ω is safety in U ⊆ Σ ω if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / � � ∀ σ ∈ U . σ / ∈ P → ∈ P ∩ U Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 10 / 16

  17. Evolution of Safety Early Definitions L. Lamport, 1977: “A safety property is one which states that something bad will not happen.” B. Alpern and F. Schneider, 1986: A property P ⊆ Σ ω is ω -safety if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / ∀ σ ∈ Σ ω . σ / ∈ P → � ∈ P � Folklore: A property P ⊆ Σ ∞ is ∞ -safety if ∃ i ∈ N . ∀ τ ∈ Σ ∞ . σ < i · τ / � � ∀ σ ∈ Σ ∞ . σ / ∈ P → ∈ P T. Henzinger, 1992: A property P ⊆ Σ ω is safety in U ⊆ Σ ω if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / � � ∀ σ ∈ U . σ / ∈ P → ∈ P ∩ U Refined Definition A property P ⊆ Σ ∞ is ∞ -safety if ∃ i ∈ N . ∀ τ ∈ Σ ∞ . σ < i · τ / � � ∀ σ ∈ Σ ∞ . σ / ∈ P → ∈ P Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 10 / 16

  18. Evolution of Safety Early Definitions L. Lamport, 1977: “A safety property is one which states that something bad will not happen.” B. Alpern and F. Schneider, 1986: A property P ⊆ Σ ω is ω -safety if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / ∀ σ ∈ Σ ω . σ / ∈ P → � ∈ P � Folklore: A property P ⊆ Σ ∞ is ∞ -safety if ∃ i ∈ N . ∀ τ ∈ Σ ∞ . σ < i · τ / � � ∀ σ ∈ Σ ∞ . σ / ∈ P → ∈ P T. Henzinger, 1992: A property P ⊆ Σ ω is safety in U ⊆ Σ ω if ∃ i ∈ N . ∀ τ ∈ Σ ω . σ < i · τ / � � ∀ σ ∈ U . σ / ∈ P → ∈ P ∩ U Refined Definition A property P ⊆ Σ ∞ is U-safety if ∃ i ∈ N . ∀ τ ∈ Σ ∞ . σ < i · τ / � � ∀ σ ∈ U . σ / ∈ P → ∈ P ∩ U Basin, Jug´ e, Klaedtke, Z˘ alinescu Enforceable Security Policies Revisited POST 2012 10 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by Khoo Yit Phang April 21, 2008 To Build Secure Systems... 1.What sort of security policies can and should w e demand of our system? 2.What mechanism

325 views • 15 slides
Enforceable Security Policies David Basin ETH Zurich Structure and Credits Tutorial in two

Enforceable Security Policies David Basin ETH Zurich Structure and Credits Tutorial in two

Enforceable Security Policies David Basin ETH Zurich Structure and Credits Tutorial in two parts, with two speakers Enforcement: David Basin Monitoring: Felix Klaedtke Tutorial focus: partial survey, with primary focus on our work

733 views • 58 slides
Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which policies are enforceable ? Characterization for an abstract setting Enforcement via execution monitoring system allowed

1.03k views • 73 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) &amp; MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
WTO: Greening the GATT, Revisited Panel &quot;Can National Policies and INDCs alone lead to a

WTO: Greening the GATT, Revisited Panel &quot;Can National Policies and INDCs alone lead to a

Climate Change Policies and the WTO: Greening the GATT, Revisited Panel &quot;Can National Policies and INDCs alone lead to a Workable and Effective Climate Regime?&quot;December 8, at 11:30 - 13:00, blue zone Room 4 Jaime de Melo FERDI The

489 views • 10 slides
ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ADVANCED COMPUTER SECURITY ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS Reminder : read and post response to Enforceable Security Policies by tomorrow afternoon. Please send me your talk

524 views • 41 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats Security policies Confidentiality Policies Policy The Bell-LaPadula Model Specification Integrity Policies The Biba

698 views • 49 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language policies Example policies Implementation policies High level Low level -2 Reading Material Computer Security,

764 views • 40 slides
Cyber-Insurance Revisited Workshop on the Economics of Information Security Kennedy School of

Cyber-Insurance Revisited Workshop on the Economics of Information Security Kennedy School of

CYBER-INSURANCE REVISITED Cyber-Insurance Revisited Workshop on the Economics of Information Security Kennedy School of Government Harvard University 03 June 2005 Rainer Bhme rainer.boehme@inf.tu-dresden.de Department of Computer Science

389 views • 22 slides
NONPROFIT GOVERNANCE POLICIES AND PROCEDURES REVISITED: TRENDS, DEVELOPMENTS, AND MORE TEX A S

NONPROFIT GOVERNANCE POLICIES AND PROCEDURES REVISITED: TRENDS, DEVELOPMENTS, AND MORE TEX A S

NONPROFIT GOVERNANCE POLICIES AND PROCEDURES REVISITED: TRENDS, DEVELOPMENTS, AND MORE TEX A S S O C I ETY O F C P A S N O N P RO FI T O RG A N I Z A TI O N S C O N FEREN C E M A Y 1 9 , 2 0 1 5 Da vid M. Ro se nb e rg Da rre n B. Mo o

537 views • 37 slides
Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Updated (VO) Community Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 EGI security policies

319 views • 12 slides
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian Roth , Timothy Barron, Stefano Calzavara, Nick Nikiforakis &amp; Ben Stock Network and Distributed System Security Symposium (NDSS '20) Cross-Site

878 views • 31 slides
Lya emission from z=2-3 galaxies in SDSS/BOSS Rupert Croft + Other members of SDSS III/BOSS Ly

Lya emission from z=2-3 galaxies in SDSS/BOSS Rupert Croft + Other members of SDSS III/BOSS Ly

Lya emission from z=2-3 galaxies in SDSS/BOSS Rupert Croft + Other members of SDSS III/BOSS Ly working group: Talk plan: (1) Intro: Lya emission in the high-z universe -Lya emitting galaxies (Lya emitters) -Lya emission from IGM

507 views • 31 slides
for Scalable Joint Distribution Matching Ziliang Chen *, Zhanfu Yang*, Xiaoxi Wang*, Xiaodan Liang,

for Scalable Joint Distribution Matching Ziliang Chen *, Zhanfu Yang*, Xiaoxi Wang*, Xiaodan Liang,

Multivariate-Information Adversarial Ensemble for Scalable Joint Distribution Matching Ziliang Chen *, Zhanfu Yang*, Xiaoxi Wang*, Xiaodan Liang, Xiaopeng Yan, Guanbin Li, Liang Lin Sun Yat-sen University, Purdue University Motivation Implicit

419 views • 16 slides
Realistic Simulations of the Intergalactic Medium: The Search for Missing Physics Michael Norman

Realistic Simulations of the Intergalactic Medium: The Search for Missing Physics Michael Norman

Realistic Simulations of the Intergalactic Medium: The Search for Missing Physics Michael Norman James Bordner San Diego Supercomputer Center University of California San Diego Collaborators: David Tytler, Pengfei Chen (UCSD) 6/6/2018 - M. L.

278 views • 24 slides
The intergalactic medium and the epoch of reionization Cristiano Porciani AIfA,

The intergalactic medium and the epoch of reionization Cristiano Porciani AIfA,

The intergalactic medium and the epoch of reionization Cristiano Porciani AIfA, Uni-Bonn Questions? C. Porciani IGM &amp; EoR 2 Gunn-Peterson effect In 1965 Gunn and Peterson pointed out that any

922 views • 76 slides
Modelling the thermal state of the intergalactic medium Jamie Bolton with thanks to Bradley

Modelling the thermal state of the intergalactic medium Jamie Bolton with thanks to Bradley

Cosmological Structures from Reionisation to Galaxies, 12.05.15 Modelling the thermal state of the intergalactic medium Jamie Bolton with thanks to Bradley Greig (SNS Pisa), Sudhir Raskutti (Princeton) Motivation IGM contains majority

696 views • 20 slides
The environment of the most massive galaxies in the early universe in the light of the jet

The environment of the most massive galaxies in the early universe in the light of the jet

The environment of the most massive galaxies in the early universe in the light of the jet impact 5,75cm 100 kpc Background image: 4C 41.17, Z=3.8, composite (Michiel Reuland, www.strw.leidenuniv.nl/~reuland) Martin Krause

536 views • 22 slides
Radiative transfer through metals in CRASH3 Luca Graziani B. Ciardi - A. Maselli

Radiative transfer through metals in CRASH3 Luca Graziani B. Ciardi - A. Maselli

Radiative transfer through metals in CRASH3 Luca Graziani B. Ciardi - A. Maselli Cosmological RT with CRASH Metals in the IGM RT through metals C.R.A.S.H. Cosmological RAdiative transfer Scheme for Hydrodynamics RT code

421 views • 15 slides
OBSERVATIONAL and QUANTITATIVE COSMOLOGY WITH THE IGM MATTEO VIEL SISSA TRIESTE Azores PhD

OBSERVATIONAL and QUANTITATIVE COSMOLOGY WITH THE IGM MATTEO VIEL SISSA TRIESTE Azores PhD

OBSERVATIONAL and QUANTITATIVE COSMOLOGY WITH THE IGM MATTEO VIEL SISSA TRIESTE Azores PhD School - Lectures 1 and 2 Terceira 28/08/17 Euclid Flagship simulation GOALS and OUTLINE GOALS 1) provide a clear understanding of why the IGM can

771 views • 45 slides

More recommend