Context-aware security: Linguistic mechanisms and static analysis
| Autor: | Letterio Galletta, Pierpaolo Degano, Francesco Salvatori, Chiara Bodei |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
code instrumentation
Security policy context-awareness static analysis type and effect system control flow analysis code instrumentation Computer Networks and Communications Computer science Security policy Distributed computing Effect system control flow analysis 02 engineering and technology Computer security computer.software_genre Control flow analysis type and effect system Adaptive system 0202 electrical engineering electronic engineering information engineering Context awareness Safety Risk Reliability and Quality Context (computing) context-awareness 020207 software engineering Static analysis static analysis Hardware and Architecture Information security standards 020201 artificial intelligence & image processing computer Software |
| Zdroj: | Journal of Computer Security. 24:427-477 |
| ISSN: | 1875-8924 0926-227X |
| DOI: | 10.3233/jcs-160551 |
| Popis: | Adaptive systems improve their efficiency by modifying their behaviour to respond to changes in their operational environment. Also, security must adapt to these changes and policy enforcement becomes dependent on the dynamic contexts. We study these issues within MLCoDa, (the core of) an adaptive declarative language proposed recently. A main characteristic of MLCoDa is to have two components: a logical one for handling the context and a functional one for computing. We extend this language with security policies that are expressed in logical terms. They are of two different kinds: context and application policies. The first, unknown ap riorito an application, protect the context from unwanted changes. The others protect the applications from malicious actions of the context, can be nested and can be activated and deactivated according to their scope. An execution step can only occur if all the policies in force hold, under the control of an execution monitor. Beneficial to this is a type and effect system, which safely approximates the behaviour of an application, and a further static analysis, based on the computed effect. The last analysis can only be carried on at load time, when the execution context is known, and it enables us to efficiently enforce the security policies on the code execution, by instrumenting applications. The monitor is thus implemented within MLCoDa, and it is only activated on those policies that may be infringed, and switched off otherwise. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|