More Enforceable Security Policies
Abstract:
We analyze the space of security policies that can be enforced by
monitoring programs at runtime. Our program monitors are automata
that examine the sequence of program actions and transform the
sequence when it deviates from the specified policy. The simplest
such automaton truncates the action sequence by terminating a program.
Such automata are commonly known as security automata, and they
enforce Schneider's EM class of security policies. We define automata
with more powerful transformational abilities, including the ability
to insert a sequence of actions into the event stream and to suppress
actions in the event stream without terminating the program. We give
a set-theoretic characterization of the policies these new automata
are able to enforce and show that they are a superset of the EM
policies.
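As an added illustration (not code from the paper), the following Python models one edit automaton over a constructed action alphabet {open, read, close, send}: the policy, the state names and the helper names are assumptions made for this example. The same policy is also recast as a truncation-only security automaton, to show what the EM-style monitor must do where the edit automaton can insert or suppress instead.

```python
# Added example, not from the paper. A runtime monitor modelled as an edit
# automaton: it reads the program's action stream and may pass an action on,
# suppress it, insert actions before it, or truncate the stream by halting.

def run(step, start, actions):
    """Drive the monitor over `actions`. `step(state, action)` returns
    (new_state, emitted): `emitted` is the list of actions forwarded to the
    system (empty = suppression, longer than one = insertion), or None to
    terminate the program. Returns the edited trace and how the run ended."""
    state, out = start, []
    for action in actions:
        state, emitted = step(state, action)
        if emitted is None:            # truncation: stop the program here
            return out, "terminated"
        out.extend(emitted)            # pass-through, suppression, insertion
    return out, "completed"

def file_policy(state, action):
    """Constructed policy; state is 'closed' or 'open'.
    - 'read' with no open file: insert an 'open' first (insertion)
    - 'close' with no open file: drop the redundant action (suppression)
    - 'send' while a file is open: halt, the trace cannot be repaired
    - everything else is forwarded unchanged"""
    if action == "open":
        return "open", ["open"]
    if action == "read":
        return ("open", ["open", "read"]) if state == "closed" else (state, ["read"])
    if action == "close":
        return (state, []) if state == "closed" else ("closed", ["close"])
    if action == "send":
        return (state, None) if state == "open" else (state, ["send"])
    return state, [action]

def as_security_automaton(step):
    """Derive a plain security automaton (truncation only) from an edit
    policy: wherever the edit automaton would alter the stream, the
    security automaton can only terminate the program."""
    def trunc(state, action):
        new_state, emitted = step(state, action)
        return (new_state, [action]) if emitted == [action] else (new_state, None)
    return trunc

if __name__ == "__main__":
    trace = ["read", "close", "close", "send"]   # constructed input trace
    print(run(file_policy, "closed", trace))                  # repaired, completes
    print(run(as_security_automaton(file_policy), "closed", trace))  # halts at once
```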