Monitoring security policies with metric first-order temporal logic

11 June 2010

conference paper
conference paper
Published by Association for Computing Machinery (ACM)

p. 23-34
https://doi.org/10.1145/1809842.1809849

Abstract

We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.

Keywords

This publication has 22 references indexed in Scilit:

Distributed usage control
Communications of the ACM, 2006
Run-Time Checking of Dynamic Properties
Electronic Notes in Theoretical Computer Science, 2006
Formal model and policy specification of usage control
ACM Transactions on Information and System Security, 2005
Edit automata: enforcement mechanisms for run-time security policies
International Journal of Information Security, 2005
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security, 2001
Enforceable security policies
ACM Transactions on Information and System Security, 2000
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems, 1998
Efficient checking of temporal integrity constraints using bounded history encoding
ACM Transactions on Database Systems, 1995
Temporal triggers in active databases
IEEE Transactions on Knowledge and Data Engineering, 1995
Defining liveness
Information Processing Letters, 1985

Cited by 38 articles