可信操作系统中扩展参考监视器的策略语言

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.14

Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, K. Sakurai

{"title":"可信操作系统中扩展参考监视器的策略语言","authors":"Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, K. Sakurai","doi":"10.1109/ARES.2007.14","DOIUrl":null,"url":null,"abstract":"The main focus of current research in trusted operating systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on domain and type enforcement (DTE) and role-based access control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of event calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A Policy Language for the Extended Reference Monitor in Trusted Operating Systems\",\"authors\":\"Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, K. Sakurai\",\"doi\":\"10.1109/ARES.2007.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The main focus of current research in trusted operating systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on domain and type enforcement (DTE) and role-based access control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of event calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

当前可信操作系统(TOS)研究的主要焦点是对参考监视器的增强访问控制，从而控制给定访问实例上的单个操作。然而，许多现实生活中的运行时攻击涉及行为语义。我们提出了一个扩展的参考监视器来同时支持访问和行为控制。这就产生了一系列操作，这些操作在安全执行中也很重要。本文提出了一种扩展参考监视器的策略语言。我们的策略语言基于域和类型强制(DTE)和基于角色的访问控制(RBAC)。将权限定义为事件，将行为状态表示为符合事件演算(EC)惯例的流。行为策略可以用EC风格语法和访问控制策略来表示

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Policy Language for the Extended Reference Monitor in Trusted Operating Systems

The main focus of current research in trusted operating systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on domain and type enforcement (DTE) and role-based access control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of event calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量