Graduation Year

2013

Document Type

Dissertation

Degree

Ph.D.

Degree Granting Department

Computer Science and Engineering

Major Professor

Jay Ligatti

Keywords

Policy Composition, Policy-Specification Languages, Signed Regular Languages, Software Engineering, Visual Specification

Abstract

Complex software-security policies are dicult to specify, understand, and update. The

same is true for complex software in general, but while many tools and techniques exist

for decomposing complex general software into simpler reusable modules (packages, classes,

functions, aspects, etc.), few tools exist for decomposing complex security policies into simpler

reusable modules. The tools that do exist for modularizing policies either encapsulate

entire policies as atomic modules that cannot be decomposed or allow ne-grained policy

modularization but require expertise to use correctly.

This dissertation presents a policy-composition tool called PoliSeer [27, 26] and the

PoCo policy-composition software-security language. PoliSeer is a GUI-based tool designed

to enable users who are not expert policy engineers to

exibly specify, visualize, modify,

and enforce complex runtime policies on untrusted software. PoliSeer users rely on expert

policy engineers to specify universally composable policy modules; PoliSeer users then build

complex policies by composing those expert-written modules. This dissertation describes

the design and implementation of PoliSeer and a case study in which we have used PoliSeer

to specify and enforce a policy on PoliSeer itself.

PoCo is a language for specifying composable software-security policies. PoCo users

specify software-security policies in terms of abstract input-output event sequences. The

policy outputs are expressive, capable of describing all desired, irrelevant, and prohibited

events at once. These descriptive outputs compose well: operations for combining them

satisfy a large number of algebraic properties, which allows policy hierarchies to be designed

more simply and naturally. We demonstrate PoCo's capability via a case study in which a

sophisticated policy is implemented in PoCo.

Share

COinS