Abstract
In this paper we propose a basic framework to merge security controllers with probabilistic concepts. This framework provides a first step towards quantitative security achieved by probabilistic controllers. It extends the framework for specification, analysis, and automatic generation of security controllers provided inĀ [21, 23] by considering probabilistic aspects of the behaviour of both the target process and the controller. Controllers may actively try to influence the choice of action of the target system or only passively react to actions the target system tried to perform. In a non-probabilistic setting both active and passive controllers can be expressed by the same model. In a probabilistic setting, however, these two types of controllers can differ. We respectively use the notions of generative and reactive processes to capture this distinction and discuss the different behaviours obtaining in the different settings.
This work has been partially supported by the Italian TENACE PRIN Project (#20103P34XC), ARTEMIS J.U.Ā SESAMO (#295354) and EU FP7 Marie Curie project MEALS (#295261).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aldini, A., Gorrieri, R.: Security analysis of a probabilistic non-repudiation protocol. In: Hermanns, H., Segala, R. (eds.) PROBMIV 2002, PAPM-PROBMIV 2002, and PAPM 2002. LNCS, vol. 2399, pp. 17ā36. Springer, Heidelberg (2002)
Andova, S.: Process algebra with probabilistic choice. In: Katoen, J.-P. (ed.) AMAST-ARTS 1999, ARTS 1999, and AMAST-WS 1999. LNCS, vol. 1601, pp. 111ā129. Springer, Heidelberg (1999)
Baier, C., Hermanns, H.: Weak bisimulation for fully probabilistic processes. In: Grumberg, O. (ed.) Computer Aided Verification. LNCS, pp. 119ā130. Springer, Heidelberg (1997)
Bartoletti, M., Degano, P., Ferrari, G.L.: Policy framings for access control. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, pp. 5ā11. ACM (2005)
Basin, D., JugĆ©, V., Klaedtke, F., ZÄlinescu, E.: Enforceable security policies revisited. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 309ā328. Springer, Heidelberg (2012)
Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Cervesato, I. (ed.) Foundations of Computer Security: proceedings of the FLoC 2002 workshop on Foundations of Computer Security, pp. 95ā104. DIKU Technical Report (2002)
Bauer, L., Ligatti, J., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1ā2), 2ā16 (2005)
Bielova, N., Massacci, F.: Predictability of enforcement. In: Erlingsson, Ć., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 73ā86. Springer, Heidelberg (2011)
Buchholz, P., Kemper, P.: Quantifying the dynamic behavior of process algebras. In: de Alfaro, L., Gilmore, S. (eds.) Proceedings of the Joint International Workshop on Process Algebra and Probabilistic Methods, Performance Modeling and Verification. LNCS, vol. 2165, pp. 184ā199. Springer, Heidelberg (2001)
Caravagna, G., Costa, G., Pardini, G.: Lazy security controllers. In: JĆøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 33ā48. Springer, Heidelberg (2013)
Ciancia, V., Martinelli, F., Ilaria, M., Morisset, C.: Quantitative evaluation of enforcement strategies: position paper. In: Danger, J.-L., Debbabi, M., Marion, J.-Y., Garcia-Alfaro, J., Heywood, N.Z. (eds.) FPS 2013. LNCS, vol. 8352, pp. 178ā186. Springer, Heidelberg (2014)
DrĆ”bik, P., Martinelli, F., Morisset, C.: Cost-aware runtime enforcement of security policies. In: JĆøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 1ā16. Springer, Heidelberg (2013)
Easwaran, A., Kannan, S., Lee, I.: Optimal control of software ensuring safety and functionality. Technical report MS-CIS-05-20, University of Pennsylvania (2005)
Glabbeek, R.V., Smolka, S., Steffen, B.: Reactive, generative and stratified models of probabilistic processes. Inform. Comput. 121, 130ā141 (1990)
den Hartog, J.I., de Vink, E.P.: Mixing up nondeterminism and probability: a preliminary report. Electr. Notes Theor. Comput. Sci. 22, 88ā110 (1999)
Hoare, C.: Communicating Sequential Processes, vol. 178. Prentice-hall, Englewood Cliffs (1985)
Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585ā591. Springer, Heidelberg (2011)
Ligatti, J., Bauer, L., Walker, D.W.: Enforcing non-safety security policies with program monitors. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 355ā373. Springer, Heidelberg (2005)
Lowe, G.: Representing nondeterminism and probabilistic behaviour in reactive processes. Technical report PRG-TR-11-93, Oxforf University Computing Laboratory (1993)
Mallios, Y., Bauer, L., Kaynar, D., Martinelli, F., Morisset, C.: Probabilistic cost enforcement of security policies. In: Accorsi, R., Ranise, S. (eds.) STM 2013. LNCS, vol. 8203, pp. 144ā159. Springer, Heidelberg (2013)
Martinelli, F.: Analysis of security protocols as open systems. Theor. Comput. Sci. 290(1), 1057ā1106 (2003)
Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. Electr. Notes Theor. Comput. Sci. 179, 31ā46 (2007)
Martinelli, F., Matteucci, I.: A framework for automatic generation of security controller. Softw. Test. Verif. Reliab. 22(8), 563ā582 (2012)
Martinelli, F., Morisset, C.: Quantitative access control with partially-observable markov decision processes. In: Proceedings of CODASPY 2012, pp. 169ā180. ACM (2012)
Molloy, I., Dickens, L., Morisset, C., Cheng, P.C., Lobo, J., Russo, A.: Risk-based security decisions under uncertainty. In: Proceedings of CODASPY 2012, pp. 157ā168. ACM (2012)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30ā50 (2000)
Segala, R.: Modeling and verification of randomized distributed real-time systems. Ph.D. thesis, Massachusetts Institute of Technology (1995)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
denĀ Hartog, J., Matteucci, I. (2015). Introducing Probabilities in Controller Strategies. In: Garcia-Alfaro, J., et al. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. DPM QASA SETOP 2014 2014 2014. Lecture Notes in Computer Science(), vol 8872. Springer, Cham. https://doi.org/10.1007/978-3-319-17016-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-17016-9_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17015-2
Online ISBN: 978-3-319-17016-9
eBook Packages: Computer ScienceComputer Science (R0)