TY - GEN
T1 - A policy language for the extended reference monitor in trusted operating systems
AU - Kim, Hyung Chan
AU - Ramakrishna, R. S.
AU - Shin, Wook
AU - Sakurai, Koiuchi
PY - 2007/8/29
Y1 - 2007/8/29
N2 - The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.
AB - The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.
UR - http://www.scopus.com/inward/record.url?scp=34548190073&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548190073&partnerID=8YFLogxK
U2 - 10.1109/ARES.2007.14
DO - 10.1109/ARES.2007.14
M3 - Conference contribution
AN - SCOPUS:34548190073
SN - 0769527752
SN - 9780769527758
T3 - Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007
SP - 1160
EP - 1166
BT - Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007
T2 - 2nd International Conference on Availability, Reliability and Security, ARES 2007
Y2 - 10 April 2007 through 13 April 2007
ER -