Doctor of Philosophy (Ph.D.)
Degree Granting Department
Computer Science and Engineering
Jay Ligatti, Ph.D.
Srinivas Katkoori, Ph.D.
Yao Liu, Ph.D.
Huseyin Arslan, Ph.D.
Brendan Nagle, Ph.D.
obligations, policy composition, programming languages, software engineering, software security
There has been significant work to date on policy-specification languages that allow specification of arbitrary obligations, but there continues to exist open challenges in the composition of these arbitrary obligations, especially when obligations can be complex (i.e. consist more than one action). There are currently no solutions that allow complete and automatic resolution of conflicts between policies and other policies' obligations or that allow policies to react to the complex obligations of other policies. In particular, there is minimal work that considers the benefits and challenges of allowing complex obligations that operate in an atomic fashion, that is that execute in their entirety or not at all. This dissertation presents PoCo, a policy-specification language and enforcement system that allows for the principled composition of atomic-obligation policies. PoCo enables policies to interact meaningfully with other policies' obligations and thus prevents the unexpected and insecure behaviors that can arise with partially executed obligations or obligations that violate other policies. Specifically, this dissertation presents the organization and operation of the PoCo security policy and enforcement system and an analysis of the PoCo language's formal syntax and semantics as well as several specific and useful properties of this language.
Scholar Commons Citation
Ferguson, Danielle, "Composition of Atomic-Obligation Security Policies" (2020). Graduate Theses and Dissertations.