A policy language for the extended reference monitor in trusted operating systems

Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, Koiuchi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

The main focus of current research in Trusted Operating Systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on Domain and Type Enforcement (DTE) and Role-Based Access Control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of Event Calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.

Original languageEnglish
Title of host publicationProceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007
Pages1160-1166
Number of pages7
DOIs
Publication statusPublished - Aug 29 2007
Event2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Australia
Duration: Apr 10 2007Apr 13 2007

Publication series

NameProceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

Other

Other2nd International Conference on Availability, Reliability and Security, ARES 2007
CountryAustralia
CityVienna
Period4/10/074/13/07

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality

Cite this

Kim, H. C., Ramakrishna, R. S., Shin, W., & Sakurai, K. (2007). A policy language for the extended reference monitor in trusted operating systems. In Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007 (pp. 1160-1166). [4159922] (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007). https://doi.org/10.1109/ARES.2007.14