The problem of enforcing a security policy has been particularly well studied over the last decade, following Schneider’s seminal work on security automata. In this paper, we first present this problem through its qualitative aspect, where one tries to specify and define a “good” runtime monitor. In particular, we recall that under some conditions, a monitor can be automatically synthesized using partial model checking. We then introduce some of the quantitative challenges of runtime enforcement, which focus on the problem of defining what it means for a monitor to be better than another one, and we sketch several directions that could be explored to tackle this issue.
Martinelli, F., Matteucci, I., & Morisset, C. (2012). From Qualitative to Quantitative Enforcement of Security Policy (pp. 22–35). https://doi.org/10.1007/978-3-642-33704-8_3