CR | Aug 26, 2015

Runtime Enforcement With Partial Control

arXiv:1508.06525v1 | 8 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the challenge of runtime enforcement for security policies, but it appears incremental as it builds on and refines existing models in the field.

The paper tackles the problem of characterizing which security policies are enforceable by runtime monitors by generalizing a model to organize actions in a lattice based on monitor control levels, and it delineates enforceable properties under this paradigm while relating results to prior work.

This study carries forward the line of enquiry that seeks to characterize precisely which security policies are enforceable by runtime monitors. In this regard, Basin et al. recently refined the structure that helps distinguish between those actions that the monitor can potentially suppress or insert in the execution, from those that the monitor can only observe. In this paper, we generalize this model by organizing the universe of possible actions in a lattice that naturally corresponds to the levels of monitor control. We then delineate the set of properties that are enforceable under this paradigm and relate our results to previous work in the field. Finally, we explore the set of security policies that are enforceable if the monitor is given greater latitude to alter the execution of its target, which allows us to reflect on the capabilities of different types of monitors.
