Abstract
We present a system model, an enforcement mechanism, and a policy language for the proactive enforcement of timed provisions and obligations. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system's existing functionality to avert policy violations proactively, rather than compensate for them reactively, and, (2) instead of requiring the manual specification of remedial actions in the policy, we automatically deduce required actions directly from the policy. As a policy language, we employ timed dynamic condition response (DCR) processes. DCR primitives declaratively express timed provisions and obligations as causal relationships between events, and DCR states explicitly represent pending obligations. As key technical results, we show that enforceability of DCR policies is decidable, we give a sufficient polynomial time verifiable condition for a policy to be enforceable, and we give an algorithm for determining from a DCR state a sequence of actions that discharge impending obligations.
Original language | English |
---|---|
Journal | I E E E Computer Security Foundations Symposium. Proceedings |
Pages (from-to) | 120-134 |
Number of pages | 15 |
ISSN | 1940-1434 |
DOIs | |
Publication status | Published - 11 Aug 2016 |
Event | IEEE Computer Security Foundations Symposium - Lisbon, Portugal Duration: 27 Jun 2016 → 1 Jul 2016 Conference number: 28 http://csf2016.tecnico.ulisboa.pt/ |
Conference
Conference | IEEE Computer Security Foundations Symposium |
---|---|
Number | 28 |
Country/Territory | Portugal |
City | Lisbon |
Period | 27/06/2016 → 01/07/2016 |
Internet address |
Keywords
- Proactive Enforcement
- Timing Provisions
- Policy Language
- DCR Processes
- Causal Relationships