Campus Event Calendar
Event Entry
What and Who
Enforceable Security Policies
Prof. Dr. David Basin
ETH Zurich
CISPA Distinguished Lecture Series
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI
AG Audience
English
Note: We use this to send email in the morning.
Date, Time and Location
Thursday, 22 January 2015
14:00
60 Minutes
E1 5
0.02
Saarbrücken
Abstract
Security mechanisms are omnipresent and found at all layers of the
hardware and software stack, ranging from memory management
hardware to policy decision and enforcement points used in
middleware and web services. A fundamental question is "what kinds
of security policies can such mechanisms enforce?"
We examine this question for mechanisms that work by execution
monitoring. This covers a wide class of access control mechanisms which
intercept actions and prevent unauthorized actions from occurring, based
on a security policy. We will review work in this setting, in
particular the seminal work of Fred Schneider on the relationship
between enforceable security properties and safety properties. We will
clarify limitations in existing work and give necessary and sufficient
conditions for a security policy to be enforceable. In doing so, we
build upon ideas from control theory and formal language theory.
Furthermore, for different specification languages, we provide results
on deciding whether a given policy is enforceable and synthesizing an
enforcement mechanism from an enforceable policy.
(Joint work with Vincent Juge, Felix Klaedtke and Eugen Zalinescu)
hardware and software stack, ranging from memory management
hardware to policy decision and enforcement points used in
middleware and web services. A fundamental question is "what kinds
of security policies can such mechanisms enforce?"
We examine this question for mechanisms that work by execution
monitoring. This covers a wide class of access control mechanisms which
intercept actions and prevent unauthorized actions from occurring, based
on a security policy. We will review work in this setting, in
particular the seminal work of Fred Schneider on the relationship
between enforceable security properties and safety properties. We will
clarify limitations in existing work and give necessary and sufficient
conditions for a security policy to be enforceable. In doing so, we
build upon ideas from control theory and formal language theory.
Furthermore, for different specification languages, we provide results
on deciding whether a given policy is enforceable and synthesizing an
enforcement mechanism from an enforceable policy.
(Joint work with Vincent Juge, Felix Klaedtke and Eugen Zalinescu)
Contact
Sabine Nermerich
302-3585
--email hidden
passcode not visible
logged in users only
Sabine Nermerich, 01/21/2015 13:48
Sabine Nermerich, 12/17/2014 09:15 -- Created document.
Sabine Nermerich, 12/17/2014 09:15 -- Created document.