Dynamic enforcement of decentralized security policies
Licentiatavhandling, 2011

This thesis explores defining security policies in a decentralized setting and dynamic methods of enforcing such policies. In a decentralized setting, principals are free to trust or distrust other principals. The key challenge is to provide possibilities for expressing and enforcing expressive decentralized policies. With foundation in security lattices, we develop a framework for decentralized policies for both confidentiality and declassification. The framework for describing policies takes into account the security policy of all involved principals. To enforce these policies in a highly dynamic setting, such as a web mashup, the thesis proposes a series of monitoring techniques. In particular, we investigate inlining of security monitors, a task which is made more complicated by dynamic code evluation fetures. We consider monitors executing in an environment under the influence of an attacker, identifying both attacks and how they are mitigated through use of defensive programming patterns.






Opponent: Dr. Martin Johns


Jonas Magazinius

Chalmers, Data- och informationsteknik, Programvaruteknik

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 7127(2012)p. 239-255

Paper i proceeding

On-the-fly inlining of dynamic security monitors

IFIP Advances in Information and Communication Technology,; Vol. 330(2010)p. 173-186

Paper i proceeding

A lattice-based approach to mashup security

5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010,; (2010)p. 15-23

Paper i proceeding


Informations- och kommunikationsteknik



Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 1652


Opponent: Dr. Martin Johns

Mer information