CT-ISG: Collaborative Research: Trustworthy Enforcement of Domain-Independent Run-Time Policies

CT-ISG：协作研究：域独立运行时策略的可信执行

• 批准号: 0716216
• 负责人: Ljudevit Bauer
• 金额: --
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2010-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716216&HistoricalAwards=false
• 关键词: CT; ISG; Collaborative; Research; Trustworthy

CT-ISG: Collaborative Research: Trustworthy Enforcementof Domain-independent Run-time PoliciesAbstractRun-time monitors are a common and pervasive mechanism for ensuring that software andsystems adhere to security policies. Anti-virus and anti-spyware programs, personal firewalls,intrusion-detection tools, Java's stack inspection, and even mechanisms that trap operatingsystemexceptions in order to show a ?blue screen of death? can all be thought of as run-timemonitors. Although they differ greatly in their complexity and scope of policies that they canenforce, these mechanisms all observe the behavior of a running system and detect and reactto potentially dangerous events. Despite the pervasiveness and real-world importance of runtimemonitors, their use has far outpaced theoretical work that makes it possible to rigorouslyreason about monitors and the policies that they enforce, particularly in distributed settings.This project develops models, tools, and mechanisms for reasoning about and implementingdistributed, concurrently executing run-time monitors. The research adopts a holistic,four-prong approach that spans the breadth of the space between theoretical models andpractical systems for enforcing run-time policies. Specifically, this project (1) creates aframework for reasoning about enforcement that permits the possibilities of concurrent, distributedcomputations; (2) develops a type-safe policy-specification language that ensuresthat specified policies compile into well-behaved monitoring mechanisms; (3) designs trustworthyalgorithms for automatically translating a desired overall policy into node-specificpolicies that can be distributed and enforced throughout a network; and (4) designs, implements,and tests a prototype system for specifying and enforcing run-time policies withsupport for concurrently executing computations. Taken together, these research tasks enableformal modeling and automatic enforcement of run-time security policies in concurrentand distributed settings.

CT-ISG：协作研究：与域无关的运行时策略的可信执行摘要运行时监视器是确保软件和系统遵守安全策略的常见且普遍的机制。防病毒和反间谍软件程序、个人防火墙、入侵检测工具、Java 堆栈检查，甚至是捕获操作系统异常以显示“蓝屏死机”的机制。都可以被认为是运行时监视器。尽管它们在复杂性和可以执行的策略范围方面存在很大差异，但这些机制都观察正在运行的系统的行为并检测潜在危险事件并做出反应。尽管运行时监视器普遍存在并且在现实世界中很重要，但它们的使用远远超过了理论工作，这使得对监视器及其执行的策略进行严格推理成为可能，特别是在分布式环境中。该项目开发了用于推理的模型、工具和机制并实现分布式、并发执行的运行时监视器。该研究采用整体的、四管齐下的方法，跨越理论模型和执行运行时策略的实际系统之间的空间广度。具体来说，该项目 (1) 创建了一个用于推理执行的框架，允许并发、分布式计算的可能性； (2) 开发一种类型安全的策略规范语言，确保指定的策略编译成行为良好的监控机制； (3) 设计可信赖的算法，用于自动将所需的总体策略转换为可以在整个网络中分发和执行的特定于节点的策略； (4) 设计、实现和测试原型系统，用于指定和执行运行时策略并支持并发执行计算。总而言之，这些研究任务支持在并发和分布式设置中进行正式建模并自动执行运行时安全策略。