A Quantitative Approach for Inexact Enforcement of Security Policies (Conference proceedings contribution)

Type
Label
  • A Quantitative Approach for Inexact Enforcement of Security Policies (Conference proceedings contribution) (literal)
Year
  • 2012-01-01T00:00:00+01:00 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#doi
  • 10.1007/978-3-642-33383-5_19 (literal)
Alternative label
  • Peter Drábik, Fabio Martinelli, Charles Morisset (2012)
    A Quantitative Approach for Inexact Enforcement of Security Policies
    in Information Security Conference, Passau, Germany, 19.09.2012
    (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori
  • Peter Drábik, Fabio Martinelli, Charles Morisset (literal)
Start page
  • 306 (literal)
End page
  • 321 (literal)
Journal
Notes
  • Scopu (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni
  • IIT-CNR, Pisa, Italy (literal)
Title
  • A Quantitative Approach for Inexact Enforcement of Security Policies (literal)
Abstract
  • A run-time enforcement mechanism is a program in charge of ensuring that all the traces of a system satisfy a given security policy. Following Schneider's seminal work, there have been several approaches defining what kind of policies can be automatically enforced, and in particular, non-safety properties cannot be correctly and transparently enforced. In this paper, we first propose to build an enforcement mechanism using an abstract notion of selector. We then propose to quantify the inexact enforcement of a non-safety property by an enforcement mechanism, by considering both the traces leading to a non-secure output by this mechanism and the secure traces not output, thus formalizing an intuitive notion of security/usability tradeoff. Finally, we refine this notion when probabilistic and quantitative information is known about the traces. We illustrate all the different concepts with a running example, representing an abstract policy dealing with emergency situations. (literal)
Publisher
Product of
CNR author
Keyword set
