Graduation Year


Document Type




Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Computer Science and Engineering

Major Professor

Jay Ligatti, Ph.D.

Committee Member

Srinivas Katkoori, Ph.D.

Committee Member

Yao Liu, Ph.D.

Committee Member

Huseyin Arslan, Ph.D.

Committee Member

Brendan Nagle, Ph.D.


obligations, policy composition, programming languages, software engineering, software security


There has been significant work to date on policy-specification languages that allow specification of arbitrary obligations, but there continues to exist open challenges in the composition of these arbitrary obligations, especially when obligations can be complex (i.e. consist more than one action). There are currently no solutions that allow complete and automatic resolution of conflicts between policies and other policies' obligations or that allow policies to react to the complex obligations of other policies. In particular, there is minimal work that considers the benefits and challenges of allowing complex obligations that operate in an atomic fashion, that is that execute in their entirety or not at all. This dissertation presents PoCo, a policy-specification language and enforcement system that allows for the principled composition of atomic-obligation policies. PoCo enables policies to interact meaningfully with other policies' obligations and thus prevents the unexpected and insecure behaviors that can arise with partially executed obligations or obligations that violate other policies. Specifically, this dissertation presents the organization and operation of the PoCo security policy and enforcement system and an analysis of the PoCo language's formal syntax and semantics as well as several specific and useful properties of this language.