Dynamic enforcement of decentralized security policies
Licentiatavhandling, 2011

This thesis explores defining security policies in a decentralized setting and dynamic methods of enforcing such policies. In a decentralized setting, principals are free to trust or distrust other principals. The key challenge is to provide possibilities for expressing and enforcing expressive decentralized policies. With foundation in security lattices, we develop a framework for decentralized policies for both confidentiality and declassification. The framework for describing policies takes into account the security policy of all involved principals. To enforce these policies in a highly dynamic setting, such as a web mashup, the thesis proposes a series of monitoring techniques. In particular, we investigate inlining of security monitors, a task which is made more complicated by dynamic code evluation fetures. We consider monitors executing in an environment under the influence of an attacker, identifying both attacks and how they are mitigated through use of defensive programming patterns.

dynamic

enforcement

security

policies

decentralized

EB
Opponent: Dr. Martin Johns

Författare

Jonas Magazinius

Chalmers, Data- och informationsteknik, Programvaruteknik

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Lecture Notes in Computer Science,; Vol. 7127(2010)p. 239-255

Paper i proceeding

On-the-fly inlining of dynamic security monitors

IFIP Advances in Information and Communication Technology,; Vol. 330(2010)p. 173-186

Paper i proceeding

A lattice-based approach to mashup security

5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010,; (2010)p. 15-23

Paper i proceeding

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Programvaruteknik

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 1652

EB

Opponent: Dr. Martin Johns

Mer information

Skapat

2017-10-07