Security Goals Assurance Based on Software Active Monitoring

Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang Qi

Abstract

Access control is a vital security mechanism in today's operating systems and the security policies dictating the security relevant behaviors is lengthy and complex for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper we present how to predict whether the information flow security goal is violated or not during runtime how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software active monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus a closed-loop system is generated that all behavior sequences will satisfy the security goals.

OriginalspracheEnglisch
Titel2011 Fifth International Conference on Secure Software Integration and Reliability Improvement
Seitenumfang10
Herausgeber (Verlag)IEEE
Erscheinungsdatum23.09.2011
Seiten70-79
Aufsatznummer5992005
ISBN (Print)978-1-4577-0780-3
ISBN (elektronisch)978-0-7695-4453-3
DOIs
PublikationsstatusVeröffentlicht - 23.09.2011
Veranstaltung2011 5th International Conference on Secure Software Integration and Reliability Improvement - Jeju Island, Südkorea
Dauer: 27.06.201129.06.2011
Konferenznummer: 86506

Fingerprint

Untersuchen Sie die Forschungsthemen von „Security Goals Assurance Based on Software Active Monitoring“. Zusammen bilden sie einen einzigartigen Fingerprint.

Zitieren