Graduation Year

2024

Document Type

Dissertation

Degree

Ph.D.

Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Computer Science and Engineering

Major Professor

Jay Ligatti, Ph.D.

Committee Member

Xinming Ou, Ph.D.

Committee Member

Sriram Chellappan, Ph.D.

Committee Member

Achilleas Kourtellis, Ph.D.

Committee Member

Nathan Fisk, Ph.D.

Keywords

Policy Enforcement, Policy Specification, Provenance, SQL Injection Attacks, Usability, Variadic Argument Attacks

Abstract

The first step to improving an organization's security posture is to define the organization's security goals. At a technical level, these goals are expressed as security policies. Security policies are predicates over programs that return true or false depending on whether the program adheres to the policy. Defining these policies correctly is thus essential to ensuring the overarching security goals are met, but it is often quite difficult to translate human-oriented goals into their technical policy counterparts. In addition, these policies must be specified so that they are enforceable while minimizing false positives and false negatives. Integrity policies, which specify how data should or should not be modified, are a common class of security policies. This dissertation explores how integrity policies can be specified, enforced, and measured across a variety of applications. This includes developing a specialized graphical application for defining provenance policies, implementing a runtime monitor to enforce a memory access control policy, and crawling millions of GitHub projects to determine the potential impact of a proposed policy change for prepared-statement libraries.
