Through the Lens of Code Granularity: A Unified Approach to Security Policy Enforcement
| Title | Through the Lens of Code Granularity: A Unified Approach to Security Policy Enforcement |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Engram, S., Ligatti, J. |
| Conference Name | 2020 IEEE Conference on Application, Information and Network Security (AINS) |
| Date Published | Nov. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-9240-6 |
| Keywords | Automata, Communication networks, Conferences, enforcement, Java, Monitoring, Policies, policy-based governance, pubcrawl, Runtime, security, security mechanisms, security policies |
| Abstract | A common way to characterize security enforcement mechanisms is based on the time at which they operate. Mechanisms operating before a program's execution are static mechanisms, and mechanisms operating during a program's execution are dynamic mechanisms. This paper introduces a different perspective and classifies mechanisms based on the granularity of program code that they monitor. Classifying mechanisms in this way provides a unified view of security mechanisms and shows that all security mechanisms can be encoded as dynamic mechanisms that operate at different levels of program code granularity. The practicality of the approach is demonstrated through a prototype implementation of a framework for enforcing security policies at various levels of code granularity on Java bytecode applications. |
| URL | https://ieeexplore.ieee.org/document/9315145 |
| DOI | 10.1109/AINS50155.2020.9315145 |
| Citation Key | engram_through_2020 |