Similar literature
16 similar documents found (search time: 171 ms)
1.
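Jin Li, Zhu Hao. Computer Science (《计算机科学》), 2015, 42(12): 243-246, 282
The main purpose of a declassification policy is to ensure the secure release of sensitive information in a program. Current research on the security conditions and enforcement mechanisms of declassification policies focuses mainly on sequential programming languages; these results cannot be carried over directly to multithreaded concurrent environments, because an attacker can exploit certain properties of thread scheduling to infer sensitive information. To address this, based on a multithreaded programming language model and a thread scheduling model, a two-dimensional declassification policy supporting multithreaded concurrent environments is established, which effectively ensures that the appropriate information is declassified at the appropriate program points; a dynamic monitoring mechanism for this declassification policy in multithreaded concurrent environments is established, and the soundness of this enforcement mechanism is proved.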

2.
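Zhu Hao, Chen Jianping, Jin Li. Computer Science (《计算机科学》), 2016, 43(Z11): 352-354
Static enforcement mechanisms for declassification policies suffer from being overly restrictive, and dynamic monitoring mechanisms based on virtual machines are not fully suited to Web and just-in-time compilation environments. To address this, a two-dimensional declassification policy based on the content and location dimensions is enforced using the inlined reference monitor approach. Program transformation rules for the inlined reference monitor approach are proposed, and the soundness of the approach is proved; following these transformation rules, the source program is transformed and rewritten into a new program that can monitor itself without an external monitoring environment.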

3.
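Zhu Hao, Chen Jianping. Computer Science (《计算机科学》), 2018, 45(Z6): 36-40
The noninterference model is the foundational security model in information flow control and can guarantee zero leakage of sensitive information, but its security condition is overly restrictive. Because of functional requirements, software systems inevitably need to violate the noninterference model and release appropriate information. To prevent attackers from using the information release channels to obtain more information than intended, the release channels must be controlled, and policies and enforcement mechanisms for trusted declassification of information must be established. Existing declassification policies are categorized by dimension, roughly into the content, subject, location and time dimensions of declassification; the enforcement mechanisms of existing declassification policies are classified, roughly into static enforcement, dynamic enforcement and secure multi-execution; the characteristics and shortcomings of these mechanisms are compared, the challenges facing follow-up research are discussed, and future research directions are outlined.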

4.
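The behavior trace of a program is commonly represented by a program behavior automaton based on system calls. Traditional program behavior automata describe program behavior traces through control flow and data flow with low accuracy, incur a large time overhead when obtaining system call context, and cannot monitor the program execution trace between adjacent system calls at run time. To address these problems, a program behavior automaton based on system call attributes is proposed. Multiple system call attributes are introduced, and the degree of deviation of each attribute is combined to monitor more accurately the program behavior trace described by the system call sequence; a context-based system call argument policy is proposed to detect behavior trace deviations targeting the control flow and data flow of system calls; and a system call time interval attribute is proposed, so that the program behavior trace between adjacent system calls, which cannot be monitored through system calls and their arguments, is monitored to a certain extent. Experiments show that the program behavior automaton based on system call attributes characterizes program behavior traces more accurately and has a stronger ability to detect behavior deviation than traditional models.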

5.
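Introduction. The RL-51 program performs two functions for MCS-51 programs:
· The linking function, which links the object modules specified in the input list into a single object module in the output file.
· The locating function, which assigns absolute addresses to any relocatable addresses in the input modules.
This chapter explains how to enter commands, how to split a long command across multiple input command lines, how to enter commands by reference, and how to use the abbreviations of command words.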

6.
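Declassification policies are one of the major challenges in information flow security research. Current research focuses mainly on qualitative analysis along different dimensions and lacks precise control over the quantity of confidential information that is declassified, which makes it difficult to control precisely the relationship between the restrictiveness of a declassification policy and the security requirements of the program. To address this, a quantitative measurement method based on the information lattice is proposed; through control of a threshold, the restrictiveness of the robust declassification policy is relaxed from a quantitative perspective, yielding a flexible robust declassification policy.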

7.
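This paper introduces a command procedure for program analysis. Its main function is to give the analyst a graph of the calling relationships between procedures during program execution, so that the analyst can see the execution process of the program at a glance. It is a powerful tool for analyzing long and complex programs. The paper includes examples and the source of the command procedure itself.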

8.
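By discussing the classification and characteristics of multimedia presentation programs, this paper emphasizes the importance and practicality of command analyzers in computer technology and automatic control technology; it introduces the complete automaton as an abstract mathematical model for defining a command analyzer, and uses this model to give a formal description of the command analyzer.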

9.
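By discussing the classification and characteristics of multimedia presentation programs, this paper emphasizes the importance and practicality of command analyzers in computer technology and automatic control technology; it introduces the complete automaton as an abstract mathematical model for defining a command analyzer, and uses the model to give a formal description of the command analyzer.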

10.
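GWBASIC editor
Quick Basic uses a menu interface when loading source programs, but the commonly used BASICA and GWBASIC have no such feature. So I wrote a program that makes file operations in the BASIC language more intuitive and convenient. The program first uses the FILES command to list the program names on the disk, then reads this information with the SCREEN function, stores each program name in the array A$, and assigns a number to each program. When the program prompts "Enter thenumber", simply entering a program's number allows the selected program to be loaded, renamed, deleted or run. During program execution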

11.
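A confidential information downgrading policy based on the content and location dimensions   Cited by: 1 (self-citations: 1, citations by others: 0)
Zhu Hao, Zhuang Yi, Xue Yu, Ding Weiping. Computer Science (《计算机科学》), 2012, 39(8): 153-157, 185
Current research on downgrading policies for confidential information focuses mainly on dimensions such as the content, location and time of information downgrading. A policy along any single dimension has limitations, and attackers will exploit weaknesses in the other dimensions to illegitimately obtain additional confidential information. A downgrading policy needs to consider multiple dimensions together to ensure the trusted downgrading of confidential information. To this end, a downgrading policy based on the content and location dimensions is proposed using the attacker knowledge model. The key idea of the content dimension is that the attacker is not allowed to obtain additional confidential information by abusing the downgrading mechanism, while the location dimension ensures that confidential information can be downgraded only through specific statements. In addition, type rules for enforcing the policy are established, and the soundness of the type rules is proved.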

12.
Access control mechanisms protect critical resources of systems from unauthorized access. In a policy-based management approach, administrators define user privileges as rules that determine the conditions and the extent of users’ access rights. As rules become more complex, analytical skills are required to identify conflicts and interactions within the rules that comprise a system policy—especially when rules are stateful and depend on event histories. Without adequate tool support such an analysis is error-prone and expensive. In consequence, many policy specifications are inconsistent or conflicting, which renders the system insecure. The security of the system, however, does not only depend on the correct specification of the security policy, but in large part also on the correct interpretation of those rules by the system’s enforcement mechanism. In this paper, we show how policy rules can be formalized in Fusion Logic, a temporal logic for the specification of behavior of systems. A symbolic decision procedure for Fusion Logic based on Binary Decision Diagrams (BDDs) is provided and we introduce a novel technique for the construction of enforcement mechanisms of access control policy rules that uses a BDD encoded enforcement automaton based on input traces which reflect state changes in the system. We provide examples of verification of policy rules, such as absence of conflicts, and dynamic separation of duty and of the enforcement of policies using our prototype implementation (FLCheck) for which we detail the underlying theory.

13.
In this paper we present a framework for building policy‐based autonomic distributed agent systems. The autonomic mechanisms of configuration and recovery are supported through a distributed event processing model and a set of policy enforcement mechanisms embedded in an agent framework. Policies are event‐driven rules derived from the system's functional and non‐functional requirements. Agents in the network monitor the system state for policy violation conditions, generate appropriate events, and communicate them to other agents for cooperative filtering, aggregation, and handling. A set of agents perform policy enforcement actions whenever events signifying any policy violation conditions occur. Policies are defined using a specification framework based on XML. The policy enforcement agents interpret the policies given in XML. We illustrate the utility of this framework in the context of an agent‐based distributed network monitoring application. We also present an experimental evaluation of our approach. Copyright © 2006 John Wiley & Sons, Ltd.

14.
Edit automata: enforcement mechanisms for run-time security policies   Cited by: 2 (self-citations: 0, citations by others: 2)
We analyze the space of security policies that can be enforced by monitoring and modifying programs at run time. Our program monitors, called edit automata, are abstract machines that examine the sequence of application program actions and transform the sequence when it deviates from a specified policy. Edit automata have a rich set of transformational powers: they may terminate an application, thereby truncating the program action stream; they may suppress undesired or dangerous actions without necessarily terminating the program; and they may also insert additional actions into the event stream. After providing a formal definition of edit automata, we develop a rigorous framework for reasoning about them and their cousins: truncation automata (which can only terminate applications), suppression automata (which can terminate applications and suppress individual actions), and insertion automata (which can terminate and insert). We give a set-theoretic characterization of the policies each sort of automaton can enforce, and we provide examples of policies that can be enforced by one sort of automaton but not another.

15.
Runtime enforcement is a powerful technique to ensure that a program will respect a given set of properties. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general Safety-Progress classification of properties. Furthermore, we propose a systematic technique to produce a monitor from the automaton recognizing a given safety, guarantee, obligation or response property. Finally, we show that this notion of enforcement monitors is more amenable to implementation and encompasses previous runtime enforcement mechanisms.

16.
Edit automata have been introduced by J. Ligatti et al. as a model for security enforcement mechanisms which work at run time. In a distributed interacting system, they play the role of a monitor that runs in parallel with a target program and transforms its execution sequence into a sequence that obeys the security property. In this paper, we characterize security properties which are enforceable by finite edit automata (i.e. edit automata with a finite set of states) and deterministic context-free edit automata (i.e. finite edit automata extended with a stack). We prove that the properties enforceable by finite edit automata are a sub-class of regular sets. Moreover, given a regular set $P$, one can decide in time $O(n^2)$ whether $P$ is enforceable by a finite edit automaton (where $n$ is the number of states of the finite automaton recognizing $P$) and we give an algorithm to synthesize the controller. Moreover, we prove that safety policies are always enforced by a deterministic context-free edit automaton. We also prove that it is possible to check if a policy is a safety policy in $O(n^4)$. Finally, we give a topological condition on the deterministic automaton expressing a regular policy enforceable by a deterministic context-free edit automaton.
