In the Nick of Time: Proactive Prevention of Obligation Violations

David Basin, Søren Debois, Thomas Hildebrandt

Research output: Journal Article or Conference Article in JournalConference articleResearchpeer-review


We present a system model, an enforcement mechanism, and a policy language for the proactive enforcement of timed provisions and obligations. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system's existing functionality to avert policy violations proactively, rather than compensate for them reactively, and, (2) instead of requiring the manual specification of remedial actions in the policy, we automatically deduce required actions directly from the policy. As a policy language, we employ timed dynamic condition response (DCR) processes. DCR primitives declaratively express timed provisions and obligations as causal relationships between events, and DCR states explicitly represent pending obligations. As key technical results, we show that enforceability of DCR policies is decidable, we give a sufficient polynomial time verifiable condition for a policy to be enforceable, and we give an algorithm for determining from a DCR state a sequence of actions that discharge impending obligations.
Original languageEnglish
JournalI E E E Computer Security Foundations Symposium. Proceedings
Pages (from-to)120-134
Number of pages15
Publication statusPublished - 11 Aug 2016
EventIEEE Computer Security Foundations Symposium - Lisbon, Portugal
Duration: 27 Jun 20161 Jul 2016
Conference number: 28


ConferenceIEEE Computer Security Foundations Symposium
Internet address


Dive into the research topics of 'In the Nick of Time: Proactive Prevention of Obligation Violations'. Together they form a unique fingerprint.

Cite this