Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Mallios, Yannisa; * | Bauer, Lujoa; b | Kaynar, Dilsunc | Martinelli, Fabiod | Morisset, Charlese
Affiliations: [a] Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, USA. E-mail: [email protected] | [b] Institute for Software Research, Carnegie Mellon University, Pittsburgh, PA, USA. E-mail: [email protected] | [c] Computer Science Department, Carnegie Mellon University, Pittsburgh, PA, USA. E-mail: [email protected] | [d] Istituto di Informatica e Telematica, National Research Council, Pisa, Italy. E-mail: [email protected] | [e] Newcastle University, Newcastle, UK. E-mail: [email protected]
Correspondence: [*] Corresponding author: Yannis Mallios, Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, USA. E-mail: [email protected].
Abstract: This paper presents a formal framework for run-time enforcement mechanisms, or monitors, based on probabilistic input/output automata [Task-structured probabilistic I/O automata, Technical Report MIT-CSAIL-TR-2006-060, 2006; Proceedings of the 8th International Workshop on Discrete Event Systems, 2006, pp. 207–214], which allows for the modeling of complex and interactive systems. We associate with each trace of a monitored system (i.e., a monitor interposed between a system and an environment) a probability and a real number that represents the cost that the actions appearing on the trace incur on the monitored system. This allows us to calculate the probabilistic (expected) cost of the monitor and the monitored system, which we use to classify monitors, not only in the typical sense, as sound and transparent [ACM Transactions on Information and System Security 12(3) (2009), 1–41], but also at a more fine-grained level, as cost-optimal or cost-efficient. We show how a cost-optimal monitor can be built using information about cost and the probabilistic future behavior of the system and the environment, showing how deeper knowledge of a system can lead to construction of more efficient security mechanisms.
Keywords: Security policies, monitoring, cost, probabilistic I/O automata, policy enforcement
DOI: 10.3233/JCS-150538
Journal: Journal of Computer Security, vol. 23, no. 6, pp. 759-787, 2015
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]