CT-ISG: Collaborative Research: Trustworthy Enforcement of Domain-Independent Run-Time Policies

CT-ISG：协作研究：域独立运行时策略的可信执行

• 批准号: 0716216
• 负责人: Ljudevit Bauer
• 金额: --
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2010-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716216&HistoricalAwards=false
• 关键词: CT; ISG; Collaborative; Research; Trustworthy

CT-ISG: Collaborative Research: Trustworthy Enforcementof Domain-independent Run-time PoliciesAbstractRun-time monitors are a common and pervasive mechanism for ensuring that software andsystems adhere to security policies. Anti-virus and anti-spyware programs, personal firewalls,intrusion-detection tools, Java's stack inspection, and even mechanisms that trap operatingsystemexceptions in order to show a ?blue screen of death? can all be thought of as run-timemonitors. Although they differ greatly in their complexity and scope of policies that they canenforce, these mechanisms all observe the behavior of a running system and detect and reactto potentially dangerous events. Despite the pervasiveness and real-world importance of runtimemonitors, their use has far outpaced theoretical work that makes it possible to rigorouslyreason about monitors and the policies that they enforce, particularly in distributed settings.This project develops models, tools, and mechanisms for reasoning about and implementingdistributed, concurrently executing run-time monitors. The research adopts a holistic,four-prong approach that spans the breadth of the space between theoretical models andpractical systems for enforcing run-time policies. Specifically, this project (1) creates aframework for reasoning about enforcement that permits the possibilities of concurrent, distributedcomputations; (2) develops a type-safe policy-specification language that ensuresthat specified policies compile into well-behaved monitoring mechanisms; (3) designs trustworthyalgorithms for automatically translating a desired overall policy into node-specificpolicies that can be distributed and enforced throughout a network; and (4) designs, implements,and tests a prototype system for specifying and enforcing run-time policies withsupport for concurrently executing computations. Taken together, these research tasks enableformal modeling and automatic enforcement of run-time security policies in concurrentand distributed settings.

CT-ISG：协作研究：可靠地实施与域无关的运行时策略摘要运行时监控器是一种常见且普遍的机制，用于确保软件和系统遵守安全策略。防病毒和反间谍软件程序、个人防火墙、入侵检测工具、Java的堆栈检测，甚至是捕获操作系统异常以显示死亡蓝屏的机制。都可以被认为是运行时间监控器。尽管它们在复杂性和可以实施的策略范围上有很大的不同，但这些机制都可以观察正在运行的系统的行为，并检测和应对潜在的危险事件。尽管运行时监视器的普及性和现实世界的重要性，但它们的使用已经远远超过了理论工作，理论工作使严格推理监视器及其执行的策略成为可能，特别是在分布式设置中。这个项目开发了用于推理和实现分布式的、并发执行的运行时监视器的模型、工具和机制。这项研究采用了一种整体的、四管齐下的方法，跨越了理论模型和实践系统之间的空间，以实施运行时策略。具体地说，该项目(1)创建了一个关于强制执行的推理框架，允许并发、分布式计算的可能性；(2)开发了类型安全的策略规范语言，确保指定的策略编译成行为良好的监控机制；(3)设计了可信算法，用于自动将所需的总体策略转换为可以在整个网络中分发和强制执行的特定于节点的策略；以及(4)设计、实现和测试了一个原型系统，用于指定和强制执行运行时策略，并支持并发执行计算。综上所述，这些研究任务使得能够在并发和分布式环境中对运行时安全策略进行形式化建模和自动实施。