This document discusses implementing real-time transactional security properties using timed edit automata. It defines security policies, properties, and edit automata. Timed edit automata are presented as a method to enforce security, transactional, and real-time properties. A timed market policy example is discussed. The document concludes that combining security, real-time, and transactional properties can be implemented using timed edit automata.
Implementing real-time transactional security property using timed edit automata
1. Implementing Real-Time Transactional Security Property using Timed Edit Automata
N.Rajamanickam and R.Nadarajan
PSG College of Technology
Coimbatore, India
nrm@mca.psgtech.ac.in
3. Security Policy
If a computer system is regarded as a state transition system, then
a security policy is a statement that partitions the states of the
system into
a set of authorized states
a set of unauthorized states
4. Security Policy
A secure system is a system that starts in an authorized state
and cannot enter an unauthorized state
10. Edit Automata
An edit automaton E is a four-tuple (Q, A, q0, δ) where
Q - countably infinite set of states
A - set of actions
q0 - start state
δ : Q × A → Q × (A ∪ {·}) - deterministic total transition function; the
second component of the result is the action emitted, and · means that
nothing is emitted (the input action is suppressed)
11. Execution
A finite execution α is a finite sequence of timed actions (action,
time pairs)
α = a1 : t1 ; a2 : t2 ; a3 : t3 ; . . . ; ai : ti ; . . . ; an : tn
An infinite execution σ is an infinite sequence of timed actions
σ = a1 : t1 ; a2 : t2 ; a3 : t3 ; . . .
12. Timed Edit Automata
A timed edit automaton is a six-tuple (Q, A, q0, C, δ, I) where
Q - countably infinite set of control locations
A - set of actions
q0 - start control location
C - set of real-valued clocks
δ : (A ∪ {null}) × Q × B(C) × U → (A ∪ {null}) × Q × 2^C × U
is a deterministic transition function, where B(C) is the set of
clock constraints (guards) over C, U is the set of clock valuations
u : C → R≥0, and 2^C gives the set of clocks reset by the transition
I : Q → B(C) assigns a clock constraint (invariant) to each control
location
13. Transitions
TE-Delay lets time pass while the timed edit automaton stays in the
same control location; it is the transition between two consecutive actions
TE-Suppress-Insert consumes the current input action ai and emits
the action b in its place (b = ai is the pass-through case)
TE-Insert is a discrete transition that consumes no input action
and emits a new action
TE-Suppress consumes the current input action ai and emits no
output action
TE-Null is a discrete transition that consumes no input action
and emits no output action (only the control location and clocks change)
14. Operational Semantics
Discrete Transitions (σ', q', u' denote the execution, control location and clock valuation after the step)

$$\frac{\sigma = a_i : t_i ; \sigma' \qquad \delta(a_i, q, g, u) = (b, q', r, u') \qquad u \in g \qquad u \in I(q) \qquad u' \in I(q')}{(\sigma, q, u) \xrightarrow{\;b\;}_{TE} (\sigma', q', u')} \quad \text{(TE-Suppress-Insert)}$$

$$\frac{\delta(\mathit{null}, q, g, u) = (c, q', r, u') \qquad u \in g \qquad u' \in I(q')}{(\sigma, q, u) \xrightarrow{\;c\;}_{TE} (\sigma, q', u')} \quad \text{(TE-Insert)}$$

15. Operational Semantics
Discrete Transitions

$$\frac{\sigma = a_i : t_i ; \sigma' \qquad \delta(a_i, q, g, u) = (\mathit{null}, q', r, u') \qquad u \in g \qquad u \in I(q) \qquad u' \in I(q')}{(\sigma, q, u) \xrightarrow{\;\mathit{null}\;}_{TE} (\sigma', q', u')} \quad \text{(TE-Suppress)}$$

$$\frac{\delta(\mathit{null}, q, g, u) = (\mathit{null}, q', r, u') \qquad u \in g \qquad u' \in I(q')}{(\sigma, q, u) \xrightarrow{\;\mathit{null}\;}_{TE} (\sigma, q', u')} \quad \text{(TE-Null)}$$
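The four discrete rules above, together with TE-Delay from slide 13, are mechanical enough to execute directly. The interpreter below is an added example (not code from the slides) that runs a timed edit automaton over a timed execution σ and returns the edited output trace, checking the side conditions the rules state: u ∈ g, u ∈ I(q), u' ∈ I(q'), and determinism of δ. Everything beyond the slides is an assumption and is marked as such in the code: clock valuations are dicts, guards and invariants are Python predicates, a reset set r yields u' = u[r := 0], null-input edges (TE-Insert, TE-Null) are taken before input edges, and the `deadline_policy` used to exercise the engine is a constructed illustration, not the deck's timed market policy, whose definition is not on this page.

```python
"""Interpreter for a timed edit automaton (rules TE-Delay, TE-Suppress-Insert, TE-Insert,
TE-Suppress, TE-Null of slides 13-15).  Added example, not the slides' own code.
Assumptions not on the slides: a clock valuation u is a dict clock -> float; guards in B(C)
and invariants I(q) are predicates over u; a reset set r yields u' = u[r := 0]; when a
null-input edge and an input edge are both enabled, the null-input edge is taken first."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Valuation = Dict[str, float]
Guard = Callable[[Valuation], bool]
TimedAction = Tuple[str, float]     # a_i : t_i, one element of an execution


@dataclass(frozen=True)
class Edge:
    """One entry of delta: (inp, src, guard) -> (out, dst, reset); None encodes 'null'."""
    src: str
    inp: Optional[str]
    guard: Guard
    out: Optional[str]
    dst: str
    reset: FrozenSet[str] = frozenset()


class TimedEditAutomaton:
    def __init__(self, clocks, q0, invariant, edges):
        self.clocks, self.q0 = tuple(clocks), q0
        self.invariant = invariant      # I : Q -> B(C); missing location means 'true'
        self.edges = list(edges)        # delta, as a finite table

    def _inv(self, q: str, u: Valuation) -> bool:
        return self.invariant.get(q, lambda _: True)(u)

    def _enabled(self, q: str, inp: Optional[str], u: Valuation) -> Optional[Edge]:
        cands = [e for e in self.edges if e.src == q and e.inp == inp and e.guard(u)]
        if len(cands) > 1:
            raise ValueError(f"delta is not deterministic in {q!r} on {inp!r}")
        return cands[0] if cands else None

    def _fire(self, e: Edge, u: Valuation) -> Valuation:
        u2 = {c: (0.0 if c in e.reset else v) for c, v in u.items()}   # u' = u[r := 0]
        if not self._inv(e.dst, u2):                                    # premise u' in I(q')
            raise ValueError(f"invariant of {e.dst!r} violated on entry")
        return u2

    def _null_closure(self, q, u, now, out, budget=1000):
        # TE-Insert / TE-Null: discrete steps that consume no input action
        while (e := self._enabled(q, None, u)) is not None:
            budget -= 1
            if budget < 0:
                raise RuntimeError("livelock: unbounded chain of null-input transitions")
            u, q = self._fire(e, u), e.dst
            if e.out is not None:           # TE-Insert emits c; TE-Null emits nothing
                out.append((e.out, now))
        return q, u

    def run(self, execution: List[TimedAction]) -> List[TimedAction]:
        """Consume the timed execution sigma and return the emitted timed actions."""
        q, u, now = self.q0, {c: 0.0 for c in self.clocks}, 0.0
        out: List[TimedAction] = []
        q, u = self._null_closure(q, u, now, out)
        for a, t in execution:
            if t < now:
                raise ValueError("execution is not time-ordered")
            # TE-Delay: stay in q while time advances from now to t; every clock grows by t - now.
            # Invariants are assumed downward closed, so checking the end point is enough.
            u, now = {c: v + (t - now) for c, v in u.items()}, t
            if not self._inv(q, u):                                     # premise u in I(q)
                raise ValueError(f"invariant of {q!r} violated while waiting for {a!r}")
            e = self._enabled(q, a, u)
            if e is None:
                raise ValueError(f"delta undefined in {q!r} on {a!r}: automaton is not total")
            u, q = self._fire(e, u), e.dst
            if e.out is not None:           # TE-Suppress-Insert emits b; TE-Suppress emits nothing
                out.append((e.out, now))
            q, u = self._null_closure(q, u, now, out)
        return out


def deadline_policy(deadline: float = 10.0) -> TimedEditAutomaton:
    """Constructed example policy (NOT the slides' timed market policy): a 'commit' arriving
    more than `deadline` after its 'begin' is suppressed and an 'abort' is inserted instead."""
    anytime: Guard = lambda u: True
    return TimedEditAutomaton(
        clocks=["x"], q0="idle", invariant={},
        edges=[
            Edge("idle", "begin", anytime, "begin", "pending", frozenset({"x"})),  # pass-through, reset x
            Edge("idle", "commit", anytime, None, "idle"),                         # TE-Suppress: no begin
            Edge("pending", "begin", anytime, None, "pending"),                    # TE-Suppress: nested begin
            Edge("pending", "commit", lambda u: u["x"] <= deadline, "commit", "idle"),
            Edge("pending", "commit", lambda u: u["x"] > deadline, None, "late"),  # TE-Suppress: too late
            Edge("late", None, anytime, "abort", "idle"),                          # TE-Insert: inject abort
        ],
    )


def demo() -> List[TimedAction]:
    # Constructed timed execution sigma = a1:t1; a2:t2; ...
    sigma = [("begin", 0.0), ("commit", 5.0), ("begin", 6.0),
             ("begin", 7.0), ("commit", 20.0), ("commit", 21.0)]
    return deadline_policy().run(sigma)
```

`demo()` returns `[('begin', 0.0), ('commit', 5.0), ('begin', 6.0), ('abort', 20.0)]`: the nested begin at 7.0 is suppressed, the late commit at 20.0 is suppressed and moves the automaton to `late`, from which TE-Insert emits `abort` at the same instant, and the stray commit at 21.0 is suppressed. One caveat for anyone building on this: the engine only fires null-input edges when some input arrives, so a policy that must act on a timeout alone (an abort at exactly the deadline with no later input) needs an invariant-driven urgency step inside TE-Delay, which this example does not implement.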
18. Conclusion
A real-time transactional security property combines a security
property, a real-time property and a transactional property
The timed market policy can be implemented using a timed edit
automaton
19. References I
R. Alur and D. Dill.
A theory of timed automata.
Theoretical Computer Science, 1994.
N. A. Lynch, R. Segala, and F. Vaandrager.
Hybrid I/O automata.
Information and Computation, pages 105–157, 2003.
J. Bengtsson and W. Yi.
Timed automata: Semantics, algorithms and tools.
In Lectures on Concurrency and Petri Nets. Springer, 2004.
M. Bishop.
Computer Security: Art and Science.
Addison-Wesley, 2002.
M. Bishop and S. S. Venkatramanayya.
Introduction to Computer Security.
Pearson Education, 2006.
F. B. Schneider.
Enforceable security policies.
ACM Transactions on Information and System Security, 2000.
S. Davidson, I. Lee, and V. Wolfe.
Timed atomic commitment.
IEEE Transactions on Computers, 1989.
R. Gupta, J. Haritsa, K. Ramamritham, and S. Seshadri.
Commit processing in distributed real-time database systems.
1996.
20. References II
J. R. Haritsa, K. Ramamritham, and R. Gupta.
The PROMPT real-time commit protocol.
IEEE Transactions on Parallel and Distributed Systems, 1999.
D. K. Kaynar, N. A. Lynch, R. Segala, and F. Vaandrager.
Timed I/O automata: A mathematical framework for modeling and analyzing real-time systems.
2003.
D. K. Kaynar, N. A. Lynch, R. Segala, and F. Vaandrager.
The theory of timed I/O automata.
2004.
J. Ligatti, L. Bauer, and D. Walker.
More enforceable security policies.
In Foundations of Computer Security Workshop, 2002.
J. Ligatti, L. Bauer, and D. Walker.
Edit automata: enforcement mechanisms for run-time security policies.
International Journal of Information Security, 2005.
J. Ligatti, L. Bauer, and D. Walker.
Run-time enforcement of nonsafety policies.
ACM Transactions on Information and System Security, 2009.