Gheorghe, Gabriela and Crispo, Bruno (2011) A survey of runtime policy enforcement techniques and implementations. UNSPECIFIED.
Runtime techniques bring new promises of accuracy and flexibility in enforcing security policies. While static security enforcement was previously studied and classified, this work is the first to survey the state of the art on runtime security enforcement. Our purpose is to encourage a better understanding of limitations and advantages of enforcement techniques and their implementations. We classify techniques by criteria such as abstraction level, enforced policies and security guarantees. We analyse several implementations of each technique, from the point of view of trust model, policy language and performance overhead. Finally, we discuss research issues for further investigation in policy enforcement.
Actions (login required)