A policy language for the extended reference monitor in trusted operating systems

Hyung Chan Kim; R. S. Ramakrishna; Wook Shin; Koiuchi Sakurai

doi:10.1109/ARES.2007.14

A policy language for the extended reference monitor in trusted operating systems

Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, Koiuchi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.

Original language	English
Title of host publication	Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007
Pages	1160-1166
Number of pages	7
DOIs	https://doi.org/10.1109/ARES.2007.14
Publication status	Published - Aug 29 2007
Event	2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Australia Duration: Apr 10 2007 → Apr 13 2007

Publication series

Name	Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

Other

Other	2nd International Conference on Availability, Reliability and Security, ARES 2007
Country/Territory	Australia
City	Vienna
Period	4/10/07 → 4/13/07

All Science Journal Classification (ASJC) codes

Information Systems
Electrical and Electronic Engineering
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ARES.2007.14

Cite this

Kim, H. C., Ramakrishna, R. S., Shin, W., & Sakurai, K. (2007). A policy language for the extended reference monitor in trusted operating systems. In Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007 (pp. 1160-1166). [4159922] (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007). https://doi.org/10.1109/ARES.2007.14

A policy language for the extended reference monitor in trusted operating systems. / Kim, Hyung Chan; Ramakrishna, R. S.; Shin, Wook; Sakurai, Koiuchi.

Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. 2007. p. 1160-1166 4159922 (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, HC, Ramakrishna, RS, Shin, W & Sakurai, K 2007, A policy language for the extended reference monitor in trusted operating systems. in Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007., 4159922, Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 1160-1166, 2nd International Conference on Availability, Reliability and Security, ARES 2007, Vienna, Australia, 4/10/07. https://doi.org/10.1109/ARES.2007.14

Kim HC, Ramakrishna RS, Shin W, Sakurai K. A policy language for the extended reference monitor in trusted operating systems. In Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. 2007. p. 1160-1166. 4159922. (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007). https://doi.org/10.1109/ARES.2007.14

Kim, Hyung Chan ; Ramakrishna, R. S. ; Shin, Wook ; Sakurai, Koiuchi. / A policy language for the extended reference monitor in trusted operating systems. Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. 2007. pp. 1160-1166 (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007).

@inproceedings{9d10c0ada9324ffd83de85333f116d05,

title = "A policy language for the extended reference monitor in trusted operating systems",

abstract = "The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.",

author = "Kim, {Hyung Chan} and Ramakrishna, {R. S.} and Wook Shin and Koiuchi Sakurai",

year = "2007",

month = aug,

day = "29",

doi = "10.1109/ARES.2007.14",

language = "English",

isbn = "0769527752",

series = "Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007",

pages = "1160--1166",

booktitle = "Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007",

note = "2nd International Conference on Availability, Reliability and Security, ARES 2007 ; Conference date: 10-04-2007 Through 13-04-2007",

}

TY - GEN

T1 - A policy language for the extended reference monitor in trusted operating systems

AU - Kim, Hyung Chan

AU - Ramakrishna, R. S.

AU - Shin, Wook

AU - Sakurai, Koiuchi

PY - 2007/8/29

Y1 - 2007/8/29

N2 - The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.

AB - The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.

UR - http://www.scopus.com/inward/record.url?scp=34548190073&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34548190073&partnerID=8YFLogxK

U2 - 10.1109/ARES.2007.14

DO - 10.1109/ARES.2007.14

M3 - Conference contribution

AN - SCOPUS:34548190073

SN - 0769527752

SN - 9780769527758

T3 - Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

SP - 1160

EP - 1166

BT - Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007

T2 - 2nd International Conference on Availability, Reliability and Security, ARES 2007

Y2 - 10 April 2007 through 13 April 2007

ER -

A policy language for the extended reference monitor in trusted operating systems

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this