Title :
A Policy Language for the Extended Reference Monitor in Trusted Operating Systems
Author :
Kim, Hyung Chan ; Ramakrishna, R.S. ; Shin, Wook ; Sakurai, Koiuchi
Author_Institution :
Dept. of Inf. & Commun.,, Gwangju Inst. of Sci. & Technol.
Abstract :
The main focus of current research in trusted operating systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on domain and type enforcement (DTE) and role-based access control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of event calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies
Keywords :
authorisation; operating systems (computers); behavior control; behavioral semantics; domain enforcement; event calculus; extended reference monitor; policy language; role-based access control; runtime attacks; security enforcement; trusted operating systems; type enforcement; Access control; Calculus; Communication system control; Computer science; Computerized monitoring; Control systems; Operating systems; Permission; Runtime; Security;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.14
