Monitoring security policies with metric first-order temporal logic
- 11 June 2010
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.Keywords
This publication has 22 references indexed in Scilit:
- Distributed usage controlCommunications of the ACM, 2006
- Run-Time Checking of Dynamic PropertiesElectronic Notes in Theoretical Computer Science, 2006
- Formal model and policy specification of usage controlACM Transactions on Information and System Security, 2005
- Edit automata: enforcement mechanisms for run-time security policiesInternational Journal of Information Security, 2005
- Proposed NIST standard for role-based access controlACM Transactions on Information and System Security, 2001
- Enforceable security policiesACM Transactions on Information and System Security, 2000
- An access control model supporting periodicity constraints and temporal reasoningACM Transactions on Database Systems, 1998
- Efficient checking of temporal integrity constraints using bounded history encodingACM Transactions on Database Systems, 1995
- Temporal triggers in active databasesIEEE Transactions on Knowledge and Data Engineering, 1995
- Defining livenessInformation Processing Letters, 1985