Add to ORKGA runtime monitor is a program that runs in parallel with an un-trusted application and examines actions from the application's instruc-tion stream. If the sequence of program actions deviates from a specied security policy, the monitor transforms the sequence or terminates the program. We present the design and formal specication of a language for dening the policies enforced by program monitors. Our language provides a number of facilities for composing complex policies from simpler ones. We allow policies to be parameterized by val-ues, or other policies. There are also operators for forming the conjunction and disjunction of policies. Since the computations that implement these policies modify program behavior, naive composition of...
A security policy presents a critical component of the overall security architecture and an essentia...
Security policies stipulate restrictions on the behaviors of systems to prevent themfrom behaving in...
We present a method for specifying high level security policies that can be en-forced by runtime mon...
A static approach is proposed to study secure composition of software. We extend the λ calculus with...
AbstractThis paper introduces a formal and modular technique allowing to automatically enforce a sec...
Complex software-security policies are dicult to specify, understand, and update. The same is true f...
<p>Run-time monitors ensure that untrusted software and system behavior adheres to a security policy...
A static approach is proposed to study secure composition of services. We extend the $\lambda$-calc...
Runtime enforcement mechanisms are an important and well-employed method for ensuring an execution o...
Abstract A precise characterization is given for the class of security policies enforceable with mec...
A precise characterization is given for the class of security policies that can be enforced using me...
This thesis proposes the MAP-REDUCE framework, a programmable framework, that can be used to constru...
A static approach is proposed to study secure composition of services. We extend the λ-calculus with...
Interactive security systems provide powerful security primitives (i.e., security-oriented system ca...
A precise characterization of those security policies enforceable by program rewriting is given. T...
A security policy presents a critical component of the overall security architecture and an essentia...
Security policies stipulate restrictions on the behaviors of systems to prevent themfrom behaving in...
We present a method for specifying high level security policies that can be en-forced by runtime mon...
A static approach is proposed to study secure composition of software. We extend the λ calculus with...
AbstractThis paper introduces a formal and modular technique allowing to automatically enforce a sec...
Complex software-security policies are dicult to specify, understand, and update. The same is true f...
<p>Run-time monitors ensure that untrusted software and system behavior adheres to a security policy...
A static approach is proposed to study secure composition of services. We extend the $\lambda$-calc...
Runtime enforcement mechanisms are an important and well-employed method for ensuring an execution o...
Abstract A precise characterization is given for the class of security policies enforceable with mec...
A precise characterization is given for the class of security policies that can be enforced using me...
This thesis proposes the MAP-REDUCE framework, a programmable framework, that can be used to constru...
A static approach is proposed to study secure composition of services. We extend the λ-calculus with...
Interactive security systems provide powerful security primitives (i.e., security-oriented system ca...
A precise characterization of those security policies enforceable by program rewriting is given. T...
A security policy presents a critical component of the overall security architecture and an essentia...
Security policies stipulate restrictions on the behaviors of systems to prevent themfrom behaving in...
We present a method for specifying high level security policies that can be en-forced by runtime mon...