Doctor of Philosophy (Ph.D.)
Degree Granting Department
Computer Science and Engineering
Jay Ligatti, Ph.D.
Adriana Iamnitchi, Ph.D.
Yicheng Tu, Ph.D.
Sean Barbeau, Ph.D.
Brendan Nagle, Ph.D.
Security, Policy Composition, Obligations, Policy specification
Existing security-policy specification languages allow users to specify obligations, but open challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing policies to react to the obligations of other policies.
An atomic obligation requires that either all or none of the included actions are executed. Atomicity can be extended to include the decision to permit or deny an event after the obligation executes. For many practical policies, obligation atomicity is necessary for correctness. Executing only part of such an obligation violates its atomicity, which can lead to an undesirable result.
This dissertation presents PoCo, a policy-specification language and enforcement system for the principled composition of atomic-obligation policies. PoCo enables policies to interact meaningfully with the obligations of other policies, thus preventing the unexpected and insecure behaviors that can arise due to partially executed obligations or obligations that execute actions in violation of other policies. As far as we are aware, PoCo is the first system that supports the composition of atomic obligations, including conflict resolution between policies and obligations as well as allowing a policy to react to obligations of other policies.
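An added illustration of the all-or-none property described in the abstract; it is not PoCo syntax and not PoCo's enforcement algorithm. The `Policy` and `enforce` names, the action names and both sample policies are constructed for this example, which compares running an obligation action by action with vetting the whole obligation against the other policies first.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Policy:
    name: str
    denies: Callable[[str], bool]           # does this policy forbid an action?
    obligation: Callable[[str], List[str]]  # actions it must run when it sees an event


def enforce(policies: List[Policy], event: str, atomic: bool) -> Tuple[str, List[str]]:
    """Return (decision on the event, obligation actions actually executed)."""

    def blocked(action: str, owner: Policy) -> bool:
        # An obligation action conflicts if any *other* policy forbids it.
        return any(p.denies(action) for p in policies if p is not owner)

    plan = [(p, p.obligation(event)) for p in policies]

    if atomic and any(blocked(a, p) for p, acts in plan for a in acts):
        # Vet every action before running any: nothing executes, and the
        # decision on the event is part of the same all-or-none unit.
        return "deny", []

    executed: List[str] = []
    for p, acts in plan:
        for a in acts:
            if blocked(a, p):
                # Non-atomic enforcement: earlier actions have already run.
                return "deny", executed
            executed.append(a)
    return "permit", executed


# Constructed sample policies (assumptions for illustration only).
audit = Policy(
    "audit",
    denies=lambda a: False,
    obligation=lambda e: ["write_audit_log", "send_alert"] if e == "open_socket" else [],
)
no_network = Policy("no_network", denies=lambda a: a == "send_alert", obligation=lambda e: [])

if __name__ == "__main__":
    for mode in (False, True):
        print("atomic" if mode else "naive ", enforce([audit, no_network], "open_socket", mode))
```

In the non-atomic run the audit log entry is written even though the alert is blocked and the event is denied, which is the partially executed obligation the abstract warns about.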
Scholar Commons Citation
Albright, Yan Cao, "Composition of Atomic-Obligation Security Policies" (2020). Graduate Theses and Dissertations.