Dynamic enforcement of decentralized security policies
Licentiatavhandling, 2011

This thesis explores defining security policies in a decentralized setting and dynamic methods of enforcing such policies. In a decentralized setting, principals are free to trust or distrust other principals. The key challenge is to provide possibilities for expressing and enforcing expressive decentralized policies. With foundation in security lattices, we develop a framework for decentralized policies for both confidentiality and declassification. The framework for describing policies takes into account the security policy of all involved principals. To enforce these policies in a highly dynamic setting, such as a web mashup, the thesis proposes a series of monitoring techniques. In particular, we investigate inlining of security monitors, a task which is made more complicated by dynamic code evluation fetures. We consider monitors executing in an environment under the influence of an attacker, identifying both attacks and how they are mitigated through use of defensive programming patterns.

dynamic

enforcement

security

policies

decentralized

EB
Opponent: Dr. Martin Johns

Författare

Jonas Magazinius

Chalmers, Data- och informationsteknik, Programvaruteknik

Forskning Andra publikationer

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),;Vol. 7127(2012)p. 239-255

Paper i proceeding

On-the-fly inlining of dynamic security monitors

IFIP Advances in Information and Communication Technology,;Vol. 330(2010)p. 173-186

Paper i proceeding

A lattice-based approach to mashup security

5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010,;(2010)p. 15-23

Paper i proceeding

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Programvaruteknik

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 1652

EB

Opponent: Dr. Martin Johns

Mer information

Skapat

2017-10-07

Feedback och support

Om du har frågor, behöver hjälp, hittar en bugg eller vill ge feedback kan du göra det här nedan. Du når oss också direkt per e-post research.lib@chalmers.se.

Om tjänsten

Research.chalmers.se innehåller information om forskning på Chalmers, publikationer och projekt inklusive information om finansiärer och samarbetspartners.

Läs mer om tjänsten, täckningsgrad och vilka som kan se informationen

Personuppgifter och cookies

Tillgänglighet

Citation Style Language
citeproc-js (Frank Bennett)

Länkar

Chalmers bibliotek
Chalmers forskning
Chalmers examensarbeten

Chalmers tekniska högskola

412 96 GÖTEBORG
TELEFON: 031-772 10 00
WWW.CHALMERS.SE