Graduation Year
2020
Document Type
Dissertation
Degree
Ph.D.
Degree Name
Doctor of Philosophy (Ph.D.)
Degree Granting Department
Computer Science and Engineering
Major Professor
Jay Ligatti, Ph.D.
Committee Member
Adriana Iamnitchi, Ph.D.
Committee Member
Yicheng Tu, Ph.D.
Committee Member
Sean Barbeau, Ph.D.
Committee Member
Brendan Nagle, Ph.D.
Keywords
Security, Policy Composition, Obligations, Policy specification
Abstract
Existing security-policy specification languages allow users to specify obligations, but open challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing policies to react to the obligations of other policies.
An atomic obligation requires that either all or none of the included actions are executed. Atomicity can be extended to include the decision to permit or deny an event after the obligation executes. For many practical policies, obligation atomicity is necessary for correctness. Executing only part of such an obligation violates its atomicity, which can lead to an undesirable result.
This dissertation presents PoCo, a policy-specification language and enforcement system for the principled composition of atomic-obligation policies. PoCo enables policies to interact meaningfully with the obligations of other policies, thus preventing the unexpected and insecure behaviors that can arise due to partially executed obligations or obligations that execute actions in violation of other policies. As far as we are aware, PoCo is the first system that supports the composition of atomic obligations, including conflict resolution between policies and obligations as well as allowing a policy to react to obligations of other policies.
Scholar Commons Citation
Albright, Yan Cao, "Composition of Atomic-Obligation Security Policies" (2020). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/8154