DOCSLIB.ORG

Automated Security Analysis of Virtualized Infrastructures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Security Analysis of Virtualized Infrastructures Automated Security Analysis of Virtualized Infrastructures Zur Erlangung des akademischen Grades Doktor-Ingenieur (Dr.-Ing.) genehmigte Dissertation von Sören Bleikertz, M.Sc. aus Leverkusen Tag der Einreichung: 15.02.2017, Tag der Prüfung: 17.05.2017 2017 — Darmstadt — D 17 1. Gutachten: Prof. Dr. Michael Waidner 2. Gutachten: Dr. Thomas Groß, University of Newcastle upon Tyne Security in Information Technology Fachbereich Informatik Automated Security Analysis of Virtualized Infrastructures Genehmigte Dissertation von Sören Bleikertz, M.Sc. aus Leverkusen 1. Gutachten: Prof. Dr. Michael Waidner 2. Gutachten: Dr. Thomas Groß, University of Newcastle upon Tyne Tag der Einreichung: 15.02.2017 Tag der Prüfung: 17.05.2017 Darmstadt — D 17 Erklärung zur Dissertation Hiermit versichere ich, die vorliegende Dissertation ohne Hilfe Dritter nur mit den an- gegebenen Quellen und Hilfsmitteln angefertigt zu haben. Alle Stellen, die aus Quellen entnommen wurden, sind als solche kenntlich gemacht. Diese Arbeit hat in gleicher oder ähnlicher Form noch keiner Prüfungsbehörde vorgelegen. Horgen, Schweiz, den 16.07.2017 (Sören Bleikertz, M.Sc.) 1 Abstract Virtualization enables the increasing efficiency and elasticity of modern IT infrastructures, including Infrastructure as a Service. However, the operational complexity of virtualized infrastructures is high, due to their dynamics, multi-tenancy, and size. Misconfigurations and insider attacks carry significant operational and security risks, such as breaches in tenant isolation, which put both the infrastructure provider and tenants at risk. In this thesis we study the question if it is possible to model and analyze complex, scalable, and dynamic virtualized infrastructures with regard to user-defined security and operational policies in an automated way. We establish a new practical and automated security analysis framework for virtualized infras- tructures. First, we propose a novel tool that automatically extracts the configuration of heterogeneous environments and builds up a unified graph model of the configuration and topology. The tool is fur- ther extended with a monitoring component and a set of algorithms that translates system changes to graph model changes. The benefits of maintaining such a dynamic model are time reduction for model population and closing the gap for transient security violations. Our analysis is the first that lifts static information flow analysis to the entire virtualized infrastructure, in order to detect isolation failures between tenants on all resources. The analysis is configurable using customized rules to reflect the different trust assumptions of the users. We apply and evaluate our analysis system on the production infrastructure of a global financial institution. For the information flow analysis of dynamic infrastructures we propose the concept of dynamic rule-based information flow graphs and develop a set of algorithms that maintain such information flow graphs for dynamic system models. We generalize the analysis of isolation properties and establish a new generic analysis platform for virtualized infrastructures that allows to express a diverse set of security and operational policies in a formal language. The policy requirements are studied in a case-study with a cloud service provider. We are the first to employ a variety of theorem provers and model checkers to verify the state of a virtualized infrastructure against its policies. Additionally, we analyze dynamic behavior such as VM migrations. For the analysis of dynamic infrastructures we pursue both a reactive as well as a proactive approach. A reactive analysis system is developed that reduces the time between system change and analysis result. The system monitors the infrastructure for changes and employs dynamic information flow graphs to verify, for instance, tenant isolation. For the proactive analysis we propose a new model, the Operations Transition Model, which captures the changes of operations in the virtualized infrastructure as graph transformations. We build a novel analysis system using this model that performs automated run-time analysis of operations and also offers change planning. The operations transition model forms the basis for further research in model checking of virtualized infrastructures. 3 Zusammenfassung Virtualisierung ermöglicht eine höhere Effizienz und Elastizität von modernen IT Infrastrukturen, ein- schließlich Infrastructure as a Service. Jedoch ist die operationale Komplexität von virtualisierten Infra- strukturen aufgrund ihrer Dynamik, “Multi-Tenancy” und ihrer Größe sehr hoch. Fehlkonfigurationen und Angriffe von Insidern tragen zu erheblichen operationalen und Sicherheitsrisiken bei. Beispielsweise führen Verletzungen in der Tenant-Isolierung zu Risiken sowohl für den Infrastrukturbetreiber als auch für den Nutzer. In dieser Dissertation untersuchen wir die Frage, ob es möglich ist komplexe, skalierbare und dynamische virtualisierte Umgebungen zu modellieren und hinsichtlich benutzerdefinierter operationaler und sicher- heitsrelevanter Richtlinien in einem automatischen Verfahren zu überprüfen. Wir etablieren ein neues praktisches und automatisches Framework für die Sicherheitsanalysen von virtualisierten Infrastrukturen. Zuerst stellen wir ein System vor, welches die Konfiguration von heterogenen Umgebungen automatisch extrahieren kann und ein einheitliches Graphenmodell der Konfiguration und der Topologie aufbaut. Zusätzlich wird das System mit einer Komponente zur Überwachung der Umgebung sowie Algorithmen ausgebaut, welche es erlauben, Änderungen in der Umgebung in Änderungen im Graphenmodell zu über- setzen. Die Vorteile eines solchen dynamischen Modells sind zum einen Zeiteinsparungen im Aufbau des Modells, als auch das Schliessen der Lücke im Erkennen von vorübergehenden Sicherheitsverletzungen. Unsere Analyse ist die erste, welche statische Informationsflussanalyse auf die gesamte virtualisierte Umgebung überträgt, somit können Verletzungen in der Tenant-Isolierung in allen Ressourcen entdeckt werden. Die Analyse ist mittels benutzerdefinierter Regeln konfigurierbar, welche die unterschiedli- chen Sicherheitsannahmen der Benutzer widerspiegeln. Wir verwenden und evaluieren unser System in der Produktionsumgebung eines globalen Finanzinstitutes. Im Rahmen der Informationsflussanalyse von dynamischen Infrastrukturen stellen wir das Konzept der dynamischen, regelbasierten Informa- tionsflussgraphen vor und entwickeln Algorithmen, welche Informationsflussgraphen für dynamische Systemmodelle verwalten. Wir generalisieren die Analyse von Isolationseigenschaften und etablieren eine generische Analyseplatt- form für virtualisierte Infrastrukturen, welche es erlaubt eine breite Menge von operationalen und sicherheitsrelevanten Richtlinien in einer formalen Sprache auszudrücken. Die Anforderungen an die aus- zudrückenden Richtlinien werden in einer Fallstudie mit einem Cloud-Provider untersucht. Erstmals wird eine Reihe von etablierten automatischen Theorembeweisern sowie Modellprüfern für die Analyse von virtualisierten Infrastrukturen gegenüber spezifizierten Richtlinien angewendet. Außerdem überprüfen wir dynamisches Verhalten, wie zum Beispiel die Migration von VMs. Im Falle der Analyse von dynamischen Infrastrukturen verfolgen wir sowohl einen reaktiven als auch einen proaktiven Ansatz. Unser neu entwickeltes reaktives Analysesystem reduziert die Zeit zwischen Systemän- derung und Analyseergebnis. Das System überwacht die Infrastruktur auf Änderungen und verwendet einen dynamischen Informationsflussgraphen unter anderem zur Überprüfung von Tenant-Isolierung. Im Rahmen des proaktiven Ansatzes entsteht ein neuartiges Modell, das Operations Transition Model, welches durch Operationen verursachte Änderungen in virtualisierten Infrastrukturen mittels Graphtransformatio- nen abbildet. Ein neues auf dem Modell aufbauendes Analysesystem überprüft automatisch Operationen zur Laufzeit und ermöglicht es außerdem, Änderungen in virtualisierten Umgebungen zu planen. Das Operations Transition Model bildet die Basis für weitere Forschungen im Bereich der Modellüberprüfung von virtualisierten Infrastrukturen. 5 Acknowledgments Many individuals contributed to the success of this thesis. First and foremost I want to thank my advisors Michael Waidner and Thomas Groß. Michael gave me the freedom to pursue my own ideas and research interests, while providing valuable insights when needed. Thomas has been an outstanding collaborator and mentor during the years of my research. I want to thank the many collaborators with whom I had the pleasure to work with on a variety of research projects. My very good and long-term friends Sven Bugiel and Carsten Vogel. Matthias Schunter has been a great mentor during my internships at IBM and parts of my thesis work. Sebastian Mödersheim provided valuable insights in formal methods. Furthermore, large parts of this thesis has been done at the IBM Research laboratory in Zurich and I want to thank the colleagues I worked with there. In particular, my managers Mike Osborne and Andreas Wespi who provided me the support and flexibility to work on my research. I shared many PhD experiences and enjoyed technical as well as non-technical discussions with Animesh Trivedi, Anil Kurmus, Nikola Knezevic, and Zoltan Nagy, who all have been great friends ever since. Finally, I sincerely thank Eva and my family for their continuous support throughout the years of working on this thesis. Sören Bleikertz Horgen, Switzerland 7 Contents 1. Introduction 13 1.1. Motivation................................................
Load more

Recommended publications
  • Applp: a Dialogue on Applications of Logic Programming
    AppLP: A Dialogue on Applications of Logic Programming David S. Warren Yanhong A. Liu Stony Brook University This document describes the contributions of the 2016 Applications of Logic Programming Workshop (AppLP), which was held on October 17 and associated with the International Conference on Logic Programming (ICLP) in Flushing, New York City. Focus and scope The focus of the workshop was applications of logic programming, i.e., application problems, in whole or in part, that are solved by using logic programming languages and systems. A particular theme of interest was to explore the ease of development and maintenance, clarity, performance, and tradeoffs among these features, brought about by programming using a logic paradigm. The goal was to help provide directions for future research advances and application development. Real-world problems increasingly involve complex data and logic, making the use of logic pro- gramming more and more beneficial for such complex applications. Despite the diverse areas of application, their common underlying requirements are centered around ease of development and maintenance, clarity, performance, integration with other tools, and tradeoffs among these prop- erties. Better understanding of these important principles will help advance logic programming research and lead to benefits for logic programming applications. The workshop was organized around four main areas of application: Enterprise Software, Con- trol Systems, Intelligent Agents, and Deep Analysis. These general areas included topics such as business intelligence, ontology management, text processing, program analysis, model checking, access control, network programming, resource allocation, system optimization, decision making, and policy administration. The issues proposed for discussion included language features, imple- mentation efficiency, tool support and integration, evaluation methods, as well as teaching and training.
    [Show full text]
  • 2Nd USENIX Conference on Web Application Development (Webapps ’11)
    conference proceedings Proceedings of the 2nd USENIX Conference Application on Web Development 2nd USENIX Conference on Web Application Development (WebApps ’11) Portland, OR, USA Portland, OR, USA June 15–16, 2011 Sponsored by June 15–16, 2011 © 2011 by The USENIX Association All Rights Reserved This volume is published as a collective work. Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. Permission is granted to print, primarily for one person’s exclusive use, a single copy of these Proceedings. USENIX acknowledges all trademarks herein. ISBN 978-931971-86-7 USENIX Association Proceedings of the 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Conference Organizers Program Chair Armando Fox, University of California, Berkeley Program Committee Adam Barth, Google Inc. Abdur Chowdhury, Twitter Jon Howell, Microsoft Research Collin Jackson, Carnegie Mellon University Bobby Johnson, Facebook Emre Kıcıman, Microsoft Research Michael E. Maximilien, IBM Research Owen O’Malley, Yahoo! Research John Ousterhout, Stanford University Swami Sivasubramanian, Amazon Web Services Geoffrey M. Voelker, University of California, San Diego Nickolai Zeldovich, Massachusetts Institute of Technology The USENIX Association Staff WebApps ’11: 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Message from the Program Chair . v Wednesday, June 15 10:30–Noon GuardRails: A Data-Centric Web Application Security Framework . 1 Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks .
    [Show full text]
  • Downloads/Pws-Whitepaper-May-2006-De.Pdf, 28.07.2008
    Privacy and Identity Management in Europe for Life Infrastructure for Trusted Content Editors: Dr. Stephan Spitz (GD) Dr. Walter Hinz (GD) Dr. Marc-Michael Bergfeld (GD) Reviewers: Karel Wouters (KUL) Aleksandra Kuczerawy (KUL) Identifier: D6.2.1 Type: Deliverable Class: Public Date: 28 August 2008 Abstract As the usage of information and communication technology increases in private and professional life, personal data is widely stored. While service providers need to rely on identifying their customers, conscious identity management and privacy develops into a new value for the service user, especially in the electronic service context. Here, modern technology infrastructures can assist in providing security to both sides by assuring identification and privacy at the same time. This paper introduces the ‘Security of Service’ concept and presents different technical environments through which it can be established. Privacy in service composition is elaborated conceptually and from a technological standpoint. Potential authentication scenarios and emerging use cases are introduced. In conclusion, implications for the needed technological infrastructures are derived and necessary future research directions are indicated. Copyright © 2008 by the PrimeLife Consortium The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n o 216483. Members of the PrimeLife Consortium 1. IBM Research GmbH IBM Switzerland 2. Unabhängiges Landeszentrum für Datenschutz ULD Germany 3. Technische Universität Dresden TUD Germany 4. Karlstads Universitet KAU Sweden 5. Università degli Studi di Milano UNIMI Italy 6. Johann Wolfgang Goethe – Universität Frankfurt am Main GUF Germany 7. Stichting Katholieke Universiteit Brabant TILT Netherlands 8.
    [Show full text]
  • Conference Reports ELECTRONIC SUPPLEMENT
    DECEMBER 2012 vOL. 37, NO. 6 Conference Reports ELECTRONIC SUPPLEMENT 21st USENIX Security Symposium (USENIX and that they also knew what the US was doing (capabilities) Security ’12) through the use of spies in the US and their interception of our ciphers (access). After considering all of these differ- Bellevue, WA August 8–10, 2012 ent criteria, cryptographers could then attempt to provide information assurance in the face of this particular enemy. Opening Remarks Again focusing on communications, they examined the Summarized by Rik Farrow ([email protected]) security of the SAVILLE cipher and its usage in the VINSON Program Chair Tadayoshi Kohno (University of Washing- hand-held radio. Additionally, they really had time to do it ton) opened the conference by telling us that there were 222 right: the SAVILLE cipher was developed in the 1950s, evalu- papers submitted and 42 accepted. By replacing four invited ated in the 1960s, and then finally implemented in VINSON talks sessions with paper presentations, more papers could and deployed in 1976; this meant that they could look closely be accepted than in the past. at both the algorithm and its implementation to try to find When the conference began, there were 484 attendees; 84 potential attacks. students received travel grants using money provided by the In modern times, the field has once again changed dramati- National Science Foundation, with Google and Microsoft cally. One of the main catalysts for these changes was the being the next largest sponsors. introduction of the Data Encryption Standard (DES), which Best Paper awards went to “Mining Your Ps and Qs: Detec- was created through a competition held by NIST.
    [Show full text]
  • Access Control Models for Collaborative Applications Asma Cherif
    Access Control Models for Collaborative Applications Asma Cherif To cite this version: Asma Cherif. Access Control Models for Collaborative Applications. Distributed, Parallel, and Cluster Computing [cs.DC]. Université de Lorraine, 2012. English. NNT : 2012LORR0217. tel-01749620v2 HAL Id: tel-01749620 https://tel.archives-ouvertes.fr/tel-01749620v2 Submitted on 11 Dec 2014 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UFR math´ematiques et informatique Ecole´ doctorale IAEM Lorraine D´epartement de formation doctorale en informatique Mod`elesde Contr^oled'Acc`espour Les Applications Collaboratives THESE` pr´esent´eeet soutenue publiquement le 26 Novembre 2012 pour l'obtention du Doctorat de l'universit´eNancy 2 (sp´ecialit´einformatique) par Asma CHERIF Composition du jury Pr´esident: Kamel SMAILI Pr. Universit´ede Lorraine Rapporteurs : Fr´ed´ericCUPPENS Pr. ENST Bretagne Achour MOSTEFAOUI Pr. Universit´ede Nantes Examinateurs : Ladjel BELLATRECHE Pr. LIAS/ISAE ENSMA Poitiers Sophie CHABRIDON Mcf. T´el´ecom Sud Paris Directeurs de thèse : Abdessamad IMINE Mcf. Universit´ede Lorraine Micha¨elRUSINOWITCH Dr. Inria Nancy Grand Est Laboratoire Lorrain de Recherche en Informatique et ses Applications | UMR 7503 Mis en page avec la classe thloria.
    [Show full text]
  • FOUNDATIONS of ACCESS CONTROL for SECURE STORAGE a Dissertation Submitted in Partial Satisfaction of the Requirements for the Degree Of
    UNIVERSITY OF CALIFORNIA SANTA CRUZ FOUNDATIONS OF ACCESS CONTROL FOR SECURE STORAGE A dissertation submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in COMPUTER SCIENCE by Avik Chaudhuri December 2008 The Dissertation of Avik Chaudhuri is approved: Professor Mart´ın Abadi, Chair Professor Scott Brandt Professor Cormac Flanagan Professor Luca de Alfaro Dean Lisa Sloan Vice Provost and Dean of Graduate Studies Copyright c by Avik Chaudhuri 2008 Table of Contents Abstract vii Dedication viii Acknowledgments ix 1 Introduction 1 1.1 Access control and secure storage . .3 1.2 A research program . .4 1.3 Some highlights . .4 1.3.1 Security enforcement on operating systems . .5 1.3.2 Automatic analysis of security models . .6 1.3.3 Automated security analysis of storage protocols . .6 1.3.4 Secure distributed sharing of services . .8 1.3.5 Correctness of distributed access-control implementations . .8 1.4 Ideas and techniques . .9 1.4.1 Programming languages . .9 1.4.2 Logic . 11 1.5 Organization . 12 1.5.1 Dependencies . 13 1.5.2 Common themes . 13 I Correctness of Access Control 16 2 Cryptographic access control 18 2.1 Plutus . 20 2.2 Formal model of Plutus . 23 2.2.1 Background on ProVerif . 23 2.2.2 Plutus in ProVerif . 24 iii 2.3 Security results on Plutus . 31 2.3.1 Background on correspondences . 31 2.3.2 Security properties of Plutus . 35 2.3.3 Analysis of some design details . 41 2.3.4 Additional remarks . 44 3 Access control with labels 47 3.1 EON .......................................
    [Show full text]
  • Cybersecurity Initiative Flanders Strategic Research Programme
    VR 2019 1312 DOC.1235/5 Cybersecurity Initiative Flanders Strategic Research Programme July 2019 Contributing Authors: Bart De Decker, Bart Jacobs, Bart Preneel, Benedikt Gierlichs, Bert Lagaisse, Bjorn De Sutter, Bruno Crispo, Claudia Diaz, Coen De Roover, Cyprien Delpech de Saint Guilhem, Danny De Cock, Danny Hughes, Dave Singelee, Davy Preuveneers, Dimitri Van Landuyt, Dominique Devriese, Elena Andreeva, Elisa Gonzales Boix , Els Kindt, Emmanuela Orsini, Enrique Argones Rua, Frank Piessens, Frederik Vercauteren, Ingrid Verbauwhede, Jan Tobias Mühlberg, Koen Yskout, Lieven Desmet, Nele Mentens, Nigel Smart, Peggy Valcke, Pieter Maene, Sam Michiels, Stijn Volckaert, Svetla Nikova, Vincent Naessens, Vincent Rijmen, Wolfgang De Meuter, Wouter Castryck, Wouter Joosen Cybersecurity Initiative Flanders- Strategic Research Programme Page 2 | Introduction Cybersecurity Initiative Flanders - Strategic Research Programme 1. Introduction Context and Motivation: Cybersecurity, Challenge and Opportunity While the digital transformation has a strongly increasing and positive impact on our society and our economy, the lack of adequate cybersecurity in our systems, platforms and services can lead to major dangers, risks and problems. More and more information is being collected and analyzed, leading to significant efficiency gains and new applications. In cyber-physical systems, this results in far-reaching automation with, among other things, autonomous robots, cars and drones. The entire infrastructure of society is also being transformed; we get smarter cities (smart cities), smart transport systems (smart transport) and smart electricity grids (smart grids), smarter hospital facilities, etc. This transformation affects all sectors, both within the government (general policy, education and health, infrastructure, police, defense) and within the private industry: critical infrastructure, transport, manufacturing, financial sector, media, health sector.
    [Show full text]
  • To the Memory of Our Colleague and Friend Andreas Pfitzmann
    To the memory of our colleague and friend Andreas Pfitzmann The protection of people’s privacy was dear to Andreas’ heart. He was an inspiration to all of us, and many of the results presented in this book owe to him. Preface Publication is a self-invasion of privacy. Marshall McLuhan Individuals in the Information Society want to safeguard their autonomy and retain control over their personal information, irrespective of their activities. Information technologies generally do not consider those user requirements, thereby putting the privacy of the citizen at risk. At the same time, the Internet is changing from a client- server to a collaborative paradigm. Individuals are contributing throughout their life leaving a life-long trace of personal data. This raises substantial new privacy chal- lenges. Saving digital privacy. By 2008, the European project PRIME (Privacy and Identity Management for Europe) had demonstrated that existing privacy technologies can enable citizens to execute their legal rights to control their personal information in on-line transactions. It had raised considerable awareness amongst stakeholders and has significantly advanced the state of the art in the areas of privacy and identity management. PrimeLife has been building on the momentum created and the results achieved by PRIME to address emerging challenges in the areas of privacy and identity management and really bring privacy and identity management to live: A first, short-term goal of PrimeLife was to provide scalable and configurable • privacy and identity management in new and emerging internet services and ap- plications such as virtual communities and Web 2.0 collaborative applications.
    [Show full text]
  • Small Tcbs of Policy-Controlled Operating Systems
    Anja Pölck Small TCBs of Policy-controlled Operating Systems Small TCBs of Policy-controlled Operating Systems Anja Pölck Universitätsverlag Ilmenau 2014 Impressum Bibliografische Information der Deutschen Nationalbibliothek Die Deutsche Nationalbibliothek verzeichnet diese Publikation in der Deutschen Nationalbibliografie; detaillierte bibliografische Angaben sind im Internet über http://dnb.d-nb.de abrufbar. Diese Arbeit hat der Fakultät für Informatik und Automatisierung der Technischen Universität Ilmenau als Dissertation vorgelegen. Tag der Einreichung: 1. Juli 2013 1. Gutachter: Prof. Dr.-Ing. habil. Winfried E. Kühnhauser (Technische Universität Ilmenau) 2. Gutachter: Prof. Dr. Elisa Bertino (Purdue University, West Lafayette, Indiana, USA) 3. Gutachter: Prof. Dr.-Ing. habil Wolfgang Fengler (Technische Universität Ilmenau) Tag der Verteidigung: 19. Dezember 2013 Technische Universität Ilmenau/Universitätsbibliothek Universitätsverlag Ilmenau Postfach 10 05 65 98684 Ilmenau www.tu-ilmenau.de/universitaetsverlag Herstellung und Auslieferung Verlagshaus Monsenstein und Vannerdat OHG Am Hawerkamp 31 48155 Münster www.mv-verlag.de ISBN 978-3-86360-090-7 (Druckausgabe) URN urn:nbn:de:gbv:ilm1-2013000632 Titelphoto: photocase.com Abstract IT systems with advanced security requirements increasingly apply problem-specific security policies for describing, analyzing, and implementing security properties. Security policies are a vital part of a system’s trusted computing base (TCB). Hence, both correctness and tamper-proofness of a TCB’s implementation are essential for establishing, preserving, and guaranteeing a system’s security properties. Today’s operating systems often show that implementing security policies is a challenge; for more than forty years, they have provided only a rather elementary support for discretionary, identity-based access control policies. As a consequence, major parts of the applications’ security policies are implemented by the applications themselves, resulting in large, heteroge- neous, and distributed TCB implementations.
    [Show full text]
  • Bulletin EATCS
    1 1 ISSN 0252–9742 Bulletin of the European Association for Theoretical Computer Science EATCS E A T C S Number 98 June 2009 1 1 2 2 2 2 3 3 C E A T C S P:G A I V P:B M G D S U K P S G T:D J B B E:M S S L A I M M I K A T N M N D P-L C F C P F J D´ S D P I Z´ É H V S U K F F N Jˇ´ S C R G F. I I A T P J K¨ F W T G R E. L USA I W G J L T N E W S E M I G W¨ T N P P: M N (1972–1977)M P (1977–1979) A S (1979–1985)G R (1985–1994) W B (1994–1997)J D´ (1997–2002) M N (2002–2006) 3 3 4 4 EATCS C M Luca Aceto . [email protected] Giorgio Ausiello . [email protected] Krzysztof Apt . [email protected] Pierre-Louis Curien . [email protected] Josep Díaz . [email protected] Zoltán Ésik . [email protected] Fedor Fomin . [email protected] Giuseppe F. Italiano . [email protected] Dirk Janssens . [email protected] Juhani Karhumäki . [email protected] Richard E. Ladner . [email protected] Jan van Leeuwen . [email protected] Eugenio Moggi . [email protected] Burkhard Monien . [email protected] Madhavan Mukund .
    [Show full text]