http://www.cnr.it/ontology/cnr/individuo/prodotto/ID276995

A Quantitative Approach for Inexact Enforcement of Security Policies (Contributo in atti di convegno)

Type

Label

A Quantitative Approach for Inexact Enforcement of Security Policies (Contributo in atti di convegno) (literal)

Anno

Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#doi

Alternative label

Peter Drábik, Fabio Martinelli, Charles Morisset (2012)
A Quantitative Approach for Inexact Enforcement of Security Policies
in Information Security Conference, Passau, Germany, 19.09.2012
(literal)

Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori

Pagina inizio

Pagina fine

Rivista

Note

Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni

Titolo

Abstract

A run-time enforcement mechanism is a program in charge of ensuring that all the traces of a system satisfy a given security policy. Following Schneider's seminal work, there have been several approaches defining what kind of policies can be automatically enforced, and in particular, non-safety properties cannot be correctly and transparently enforced. In this paper, we first propose to build an enforcement mechanism using an abstract notion of selector. We then propose to quantify the inexact enforcement of a non-safety property by an enforcement mechanism, by considering both the traces leading to a non-secure output by this mechanism and the secure traces not output, thus formalizing an intuitive notion of security/usability tradeoff. Finally, we refine this notion when probabilistic and quantitative information is known about the traces. We illustrate all the different concepts with a running example, representing an abstract policy dealing with emergency situations. (literal)

Editore