In this paper, we present a new framework of runtime security policy enforcement. Building on previous studies, we examine the enforcement power of monitors able to transform their target's execution, rather than simply accepting it if it is valid, or aborting it otherwise. We bound this ability by a restriction stating that any transformation must preserve equivalence between the monitor's input and output. We proceed by giving examples of meaningful equivalence relations and identify the security policies that are enforceable with their use. We also relate our work to previous findings in this field. Finally, we investigate how an a priori knowledge of the target program's behavior would increase the monitor's enforcement power. © Springer-Verlag 2010.
CITATION STYLE
Khoury, R., & Tawbi, N. (2010). Using equivalence relations for corrective enforcement of security policies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6258 LNCS, pp. 139–154). https://doi.org/10.1007/978-3-642-14706-7_11
Mendeley helps you to discover research relevant for your work.