Abstract
We present a system model, an enforcement mechanism, and a policy language for the proactive enforcement of timed provisions and obligations. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system's existing functionality to avert policy violations proactively, rather than compensate for them reactively, and, (2) instead of requiring the manual specification of remedial actions in the policy, we automatically deduce required actions directly from the policy. As a policy language, we employ timed dynamic condition response (DCR) processes. DCR primitives declaratively express timed provisions and obligations as causal relationships between events, and DCR states explicitly represent pending obligations. As key technical results, we show that enforceability of DCR policies is decidable, we give a sufficient polynomial time verifiable condition for a policy to be enforceable, and we give an algorithm for determining from a DCR state a sequence of actions that discharge impending obligations.
Originalsprog | Engelsk |
---|---|
Tidsskrift | I E E E Computer Security Foundations Symposium. Proceedings |
Sider (fra-til) | 120-134 |
Antal sider | 15 |
ISSN | 1940-1434 |
DOI | |
Status | Udgivet - 11 aug. 2016 |
Begivenhed | IEEE Computer Security Foundations Symposium - Lisbon, Portugal Varighed: 27 jun. 2016 → 1 jul. 2016 Konferencens nummer: 28 http://csf2016.tecnico.ulisboa.pt/ |
Konference
Konference | IEEE Computer Security Foundations Symposium |
---|---|
Nummer | 28 |
Land/Område | Portugal |
By | Lisbon |
Periode | 27/06/2016 → 01/07/2016 |
Internetadresse |
Emneord
- Proactive Enforcement
- Timing Provisions
- Policy Language
- DCR Processes
- Causal Relationships