ITU

In the Nick of Time: Proactive Prevention of Obligation Violations

Research output: Journal Article or Conference Article in JournalConference articleResearchpeer-review

View graph of relations

We present a system model, an enforcement mechanism, and a policy language for the proactive enforcement of timed provisions and obligations. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system's existing functionality to avert policy violations proactively, rather than compensate for them reactively, and, (2) instead of requiring the manual specification of remedial actions in the policy, we automatically deduce required actions directly from the policy. As a policy language, we employ timed dynamic condition response (DCR) processes. DCR primitives declaratively express timed provisions and obligations as causal relationships between events, and DCR states explicitly represent pending obligations. As key technical results, we show that enforceability of DCR policies is decidable, we give a sufficient polynomial time verifiable condition for a policy to be enforceable, and we give an algorithm for determining from a DCR state a sequence of actions that discharge impending obligations.
Original languageEnglish
JournalI E E E Computer Security Foundations Symposium. Proceedings
Pages (from-to)120-134
Number of pages15
ISSN1940-1434
DOIs
Publication statusPublished - 11 Aug 2016
EventIEEE Computer Security Foundations Symposium - Lisbon, Portugal
Duration: 27 Jun 20161 Jul 2016
Conference number: 28
http://csf2016.tecnico.ulisboa.pt/

Conference

ConferenceIEEE Computer Security Foundations Symposium
Number28
CountryPortugal
CityLisbon
Period27/06/201601/07/2016
Internet address

Downloads

No data available

ID: 81444445