Graduation Year

1230796800

Document Type

Thesis

Degree

M.S.C.S.

Degree Granting Department

Computer Science

Major Professor

Jay Ligatti, Ph.D.

Keywords

Security policies, Safety, Liveness, Security automata, Policy enforcement

Abstract

In many real enforcement systems, a security-relevant action must return a result before the application program that invoked that action can continue to execute. However, current models of runtime mechanisms do not capture this requirement on results being returned to application programs; current models are limited to reasoning about policies and enforcement in terms of actions alone, without considering the results of those actions. This thesis presents a more general model of runtime policy enforcement in which all actions return (possibly void- or unit-type) results. This mandatory-results model more accurately reflects the capabilities and limitations of real enforcement mechanisms, particularly those mechanisms that operate by monitoring function/method invocations. We analyze the new model to show that result-returning runtime monitors enforce a strict superset of the safety policies, including some nontrivial liveness policies.

Share

COinS