Open access
Date
2022Type
- Conference Paper
ETH Bibliography
yes
Altmetrics
Abstract
Correctness and regulatory compliance of today’s software systems are crucial for our safety and security. This can be achieved with policy enforcement: the process of monitoring and possibly modifying system behavior to satisfy a given policy. The enforcer’s capabilities determine which policies are enforceable.
We study the enforceability of policies specified in metric first-order temporal logic (MFOTL) with enforcers that can cause and suppress different system actions in real time. We consider an expressive safety fragment of MFOTL and show that a policy from that fragment is enforceable if and only if it is equivalent to a policy in a simpler, syntactically defined MFOTL fragment. We then propose an enforcement algorithm for all monitorable policies from the latter fragment, and show that our EnfPoly enforcer outperforms state-of-the-art tools. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000572888Publication status
publishedExternal links
Book title
Computer Security – ESORICS 2022Journal / series
Lecture Notes in Computer ScienceVolume
Pages / Article No.
Publisher
SpringerEvent
Organisational unit
03634 - Basin, David / Basin, David
More
Show all metadata
ETH Bibliography
yes
Altmetrics