obligation monitoring in policy management
play

Obligation Monitoring in Policy Management Claudio Bettini * , - PowerPoint PPT Presentation

Jan 20, 2024 •723 likes •951 views

Obligation Monitoring in Policy Management Claudio Bettini * , Sushil Jajodia # , X. Sean Wang # , Duminda Wijesekera # Universit`a di Milano, Italy * and George Mason University # Bettini et al. Policy 2002 1 Need for Provisions and

  1. Obligation Monitoring in Policy Management Claudio Bettini * , Sushil Jajodia # , X. Sean Wang # , Duminda Wijesekera # Universit`a di Milano, Italy * and George Mason University # Bettini et al. Policy 2002 1

  2. Need for Provisions and Obligations • Policies are widely used in many different systems • Yes/no response to every request is just not enough • Provisions: Conditions t o be satisfied before permission is considered • Obligations: Conditions to be fulfilled as a consequence of “yes” Bettini et al. Policy 2002 2

  3. Eg: Electronic Loan Application • Provisions: Registered account holder – Either already registered or register now! – Some actions need to be taken in order to satisfy the obligations • Conditions: – Have a good credit history – Makes enough money to pay back • Then, the bank sells the loan Bettini et al. Policy 2002 3

  4. Example continued • Obligations – Customer needs to make up her mind in a week – Agree to abide by following conditions 1. Have to pay an installment every month by the due date 2. If not, have to pay installment+surcharge within two weeks grace period 3. Failing (2), the loan will be cancelled and property re-processed. Bettini et al. Policy 2002 4

  5. Representation of the Problem • Access control uses a rule-based system. • Rules are Horn clauses decorated with provisions and obligations. • Provisions and obligations are constructed from conjunctions and disjunctions of literals. • Have disjoint sets of atoms for predicates in rules and their decorations • Terms are made of constants and variables shared across both kinds of predicates. Bettini et al. Policy 2002 5

  6. Example Specification 1. canDo(customer,loan,read) <- Prov: register(customer) 2. canDo(customer,loan,apply) <- canDo(customer,loan,read), Prov: signedLetterOfIntent(customer,loan) Bettini et al. Policy 2002 6

  7. Example Continued 3. access(customer,loan,selfApprove) <- reliable(customer,score,time), score>7.2, computePayment(customer,loan,amount), income(customer,salary), salary>2.amount Obl 1: signWithin(customer,loan,time,7) Obl 2: payOffLoan(customer,loan,time+3600) Bettini et al. Policy 2002 7

  8. Selecting Among Options register(cus,regular) <- Prov: pay($10) register(cus,preferred) <- Prov: pay($30) canDo(cus,purchase,x,price) <- register(cus,regular) Prov: pay($price) canDo(cus,purchase,x,price) <- register(cus,preferred) Prov: pay($(80%).price ) Bettini et al. Policy 2002 8

  9. Optimization • Can compute cost for each option, and optimize the purchasing plan. • Similarly, can have optimizations over obligations • Paper in VLDB details some optimization strategies. Bettini et al. Policy 2002 9

  10. Structure of Obligations-I • Every Obligation has: – A fulfilling clause • A finite set of actions to be taken by the system when the obligation is fulfilled – A defaulting clause: Compensating Activity • An instance of an obligation • A finite set of obligations to be taken by the system when the obligation is defaulted • Constraint: All obligation chains are finite and no cycles. • Action: sending or receiving of an event Bettini et al. Policy 2002 10

  11. Compensations • Use a non-negative real number for scaling reliability of the customer. – Very much like the credit rating • Modeled by a predicate reliable(subject,score,time) • The system updates the reliability by sending the event send(adjReliable,sys,time,sub,score) Bettini et al. Policy 2002 11

  12. Example OBL Definition: payByDate(cust,loan,t,pmnt,penalty,upScore,dwnScore) FUL: [ Action List: {send(ackReciept,cust,now,loan,pmnt), send(adjRel,system,cust,now,upScore)}] DEF: OBL: payByExtDate(cust,time,pmnt+penalty) [ Action List: send(reminder,cust,now,loan,pay-penalty), send(adjRel,system,cust,now,-downScore)] Bettini et al. Policy 2002 12

  13. Structure of Obligations - II Obligations are hierarchically as • Using one obligation in the defining clause of another • If O 1 , O 2 are obligations then so are O 1 /\O 2 , O 1 \/O 2 • If O(x) is an obligation definition template then [for x=1 to n O(x)] is an obligation If p is a predicate then [if p then O] is an • obligation Bettini et al. Policy 2002 13

  14. Example buyWithin(cust,loan,time,7) /\ [ for n=1 to 36 if (not (receive(loanCancelNotice,cust,loan) /\ (t < 30n) { payByDate(cust,30n+5,pay) \/ payByExtDate(cust,30n+15,pay+100) } ] Bettini et al. Policy 2002 14

  15. Monitoring Obligation Fulfilling • Recursively build an algorithm to monitor obligations, based on the system having an event service. • Note: For loops are syntactic sugar for conjunctions of obligations. That is for i=1to n O(i) is equivalent to O(1)/\O(2)….O(n) Bettini et al. Policy 2002 15

  16. Basic Step • For each atomic obligation O let – fulAct(O) be the set of actions corresponding to the fulfillment of O. The obligation is met iff the “system” receives all events in fulAct(O). In that case the system must generate all events listed in the fulfillment clause of the obligation. Else generate all actions listed in the DEF clause. Bettini et al. Policy 2002 16

  17. Conditional Step • If the obligation O is of the form if condition O’ • Change all receive predicates in the condition to send predicates. • If events corresponding to the transformed predicate have been sent by the system then fulAct(O) is fulAct(O’) Bettini et al. Policy 2002 17

  18. Conjunctions and Disjunctions • fulAct(O /\ O’) = fulAct(O) U fulAct(O’) – That is O/\O’ is fulfilled iff both O, O’ are fulfilled • fulAct(O \/ O’) = fulAct(O) n fulAct(O’) – That is O/\O’ is fulfilled iff either of O, O’ are fulfilled. Bettini et al. Policy 2002 18

  19. Related Work - I • PONDER has event triggered condition action rules as obligation policies. • Provisional authorizations have been proposed by Jajodia et al. – Computes weakest precondition under which a provisional authorization can be granted • Incorporated into XML by Kudo et al, where a provision models – Verifying, encrypting, transforming text etc. Bettini et al. Policy 2002 19

  20. Related Work - II • Chomicki et al. proposed using a past time temporal logic for specifying constraints in policies. Obligations can be seen as a kind of constraint placed on the future time. • Minsky et al. First applied obligations to security policies and coordination, in which obligations are strictly enforced and not only monitored. • Work of Donson et al. Bettini et al. Policy 2002 20

  21. Work in Progress • Reasoning about provisions and obligations • Translating provisions and obligations into logic programs without events by using event calculus ala Kowalski et al. • Monitoring obligations that have complex quantitative temporal conditions Bettini et al. Policy 2002 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Telephone Monitoring and Management Software Telephone Monitoring and Management Software

Telephone Monitoring and Management Software Telephone Monitoring and Management Software

Telephone Monitoring and Management Software Telephone Monitoring and Management Software TELECHECK is a PC based call monitoring system, adds utility to your customer by capturing and managing outgoing telephone calls data. It speedily provides

184 views • 16 slides
State of monitoring and evaluation of policy and GHG emissions in Thailand State of monitoring

State of monitoring and evaluation of policy and GHG emissions in Thailand State of monitoring

State of monitoring and evaluation of policy and GHG emissions in Thailand State of monitoring and evaluation of policy Ministry of Natural Resource and Environment Ministry of Energy The monitoring and evaluation system of MNRE

439 views • 14 slides
Sate of pla lay im implementation Art 15 CFP - the EU Landing Obligation - Pim Visser,

Sate of pla lay im implementation Art 15 CFP - the EU Landing Obligation - Pim Visser,

Sate of pla lay im implementation Art 15 CFP - the EU Landing Obligation - Pim Visser, chief executive VisNed About Vis isNed National Association 5/7 Dutch Demersal Fish Producer Organisations Fishery Policy Spatial

319 views • 17 slides
Development Department Overview Compliance Monitoring Federal Programs and Portfolio Management

Development Department Overview Compliance Monitoring Federal Programs and Portfolio Management

Development Department Overview Compliance Monitoring Federal Programs and Portfolio Management (HOME, CDBG, ESG, HOPWA, CNI) Housing Policy Asset Implementation Management &amp; Repositioning Promise Zone Housing Finance Special Initiatives

169 views • 13 slides
Flexible Resource Adequacy Criteria and Must-Offer Obligation Working Group Meeting December 13,

Flexible Resource Adequacy Criteria and Must-Offer Obligation Working Group Meeting December 13,

Flexible Resource Adequacy Criteria and Must-Offer Obligation Working Group Meeting December 13, 2013 Karl Meeusen, Ph.D. Market Design and Regulatory Policy Lead Outline Must offer obligation Allocation of flexible capacity

139 views • 12 slides
Omnibus Industry-Funded Monitoring Amendment Management Alternatives Under Consideration

Omnibus Industry-Funded Monitoring Amendment Management Alternatives Under Consideration

Omnibus Industry-Funded Monitoring Amendment Management Alternatives Under Consideration PDT/FMAT Report By Melissa Hooper Observer Policy Committee Meeting August 19, 2014 Purpose and Need Allow Councils to implement IFM programs when

260 views • 24 slides
MVLWB Technical Session 2 MANAGEMENT AND MONITORING PLANS GENERAL OVERVIEW September 11 to

MVLWB Technical Session 2 MANAGEMENT AND MONITORING PLANS GENERAL OVERVIEW September 11 to

MVLWB Technical Session 2 MANAGEMENT AND MONITORING PLANS GENERAL OVERVIEW September 11 to 13, 2019 1 Management and Monitoring/Plans Existing Condition *Surveillance Network Program *Dust Management and Monitoring Plan

609 views • 40 slides
Pricing a Collateralized Debt Obligation A Collateralized Debt Obligation (CDO) is a structured

Pricing a Collateralized Debt Obligation A Collateralized Debt Obligation (CDO) is a structured

Pricing a Collateralized Debt Obligation A Collateralized Debt Obligation (CDO) is a structured fi- nancial transaction; it is one kind of Asset-Backed Security (ABS). A Manager designs a portfolio of debt obligations, such as corporate

391 views • 10 slides
Postmarket monitoring Overview Risk management plans What is postmarket monitoring?

Postmarket monitoring Overview Risk management plans What is postmarket monitoring?

Postmarket monitoring Overview Risk management plans What is postmarket monitoring? Signals Why is it important? Recall actions Tools used in postmarket monitoring Pharmacovigilance Inspection

958 views • 23 slides
$450,005,000* The School District of Philadelphia General Obligation &amp; General Obligation

$450,005,000* The School District of Philadelphia General Obligation &amp; General Obligation

$450,005,000* The School District of Philadelphia General Obligation &amp; General Obligation Refunding Bonds, Series A, B &amp; C of 2019, Series of 2020 (Forward Delivery) $187,730,000* State Public School Building Authority School Lease

569 views • 29 slides
Avenue Controller Remote management and monitoring solution for the MSP 1. Challenges for the

Avenue Controller Remote management and monitoring solution for the MSP 1. Challenges for the

Avenue Controller Remote management and monitoring solution for the MSP 1. Challenges for the MSP 2 Problems for the MSP Connectivity Monitoring Automation Provide access towards Setting up a monitoring Deployment of IPsec VPNs

384 views • 14 slides
FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control

FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control

FruitFlyNet A Locationaware System for Fruit Fly Monitoring and Pest Management Control Location Aware Systems (LASs) for Fruit Fly Monitoring and Pest Management Control Project Overview E-monitoring and pest management design issues of a

573 views • 18 slides
MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of

MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of

MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of feedback from previous Road Safety workshop Sum Up; Questions &amp; Close MCC Speed Management Policy Purpose of the Speed Management Policy To

416 views • 16 slides
CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August

CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August

CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August 2017 National Treasury: South Africa 1 UNDERSTANDING INFRASTRUCTURE DELIVERY GOVERNMENTS INFRASTRUCTURE DELIVERY MANAGEMENT SYSTEM (IDMS)

440 views • 15 slides
Debt Management Plan Presented by: Chief Financial Officer Ben Gorzell Jr. Date: August 14,

Debt Management Plan Presented by: Chief Financial Officer Ben Gorzell Jr. Date: August 14,

Debt Management Plan Presented by: Chief Financial Officer Ben Gorzell Jr. Date: August 14, 2018 Types of Debt Issued General Obligation Bonds - Payable from ad valorem taxes, which must be voter approved Certificates of Obligation -

285 views • 25 slides
A37 Air Quality Update Legal Obligation The Council is legally required to review and assess air

A37 Air Quality Update Legal Obligation The Council is legally required to review and assess air

A37 Air Quality Update Legal Obligation The Council is legally required to review and assess air quality in the district under Part IV of the Environment Act 1995 . Monitoring data is compared to National Air Quality Objectives , for Nitrogen

668 views • 14 slides
ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java Extended Static Checker for Java an implementation of Hoare Logic. Semi-automatic theorem prover back-end. It is not intended to verify

331 views • 32 slides
Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de Some of the slides are based on or inspired by material by Wolfgang Ahrendt, Bernhard Beckert, Reiner H ahnle, Andreas Podelski 1 Motivation

899 views • 54 slides
Hoare-like Logics for Verifying and Applications Inferring Conditional Information Flow Loops

Hoare-like Logics for Verifying and Applications Inferring Conditional Information Flow Loops

Conditional Information Flow Amtoft et al 2-Assertion Logic Inference Algorithm Hoare-like Logics for Verifying and Applications Inferring Conditional Information Flow Loops and Arrays Foundations and Limitations Conclusion Torben Amtoft

456 views • 28 slides
Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90: Software Security Symbolic Execution Ahmed Rezine Hoare Triples and Deductive Reasoning IDA, Linkpings Universitet Hsttermin 2014 Static

373 views • 6 slides
This talk is about Data consistency in 3D Understanding consistency (Its the invariants,

This talk is about Data consistency in 3D Understanding consistency (Its the invariants,

This talk is about Data consistency in 3D Understanding consistency (Its the invariants, stupid) Primitive consistency mechanisms How primitives compose models How models relate / differ What they cost Understanding

365 views • 13 slides
A Classification of Weakly Acyclic Games Krzysztof R. Apt CWI and University of Amsterdam joint

A Classification of Weakly Acyclic Games Krzysztof R. Apt CWI and University of Amsterdam joint

A Classification of Weakly Acyclic Games Krzysztof R. Apt CWI and University of Amsterdam joint work with Sunil Simon CWI A Classification of Weakly Acyclic Games p. 1/29 Strategic Games Strategic game for n 2 players: For each player

311 views • 29 slides
Signature-based criteria for computing weak Grbner bases over PIDs Maria Francis 1,2 , Thibaut

Signature-based criteria for computing weak Grbner bases over PIDs Maria Francis 1,2 , Thibaut

Signature-based criteria for computing weak Grbner bases over PIDs Maria Francis 1,2 , Thibaut Verron 1 1. Institute for Algebra, Johannes Kepler University, Linz, Austria 2. Indian Institute of Technology, Hyderabad, India Special session

609 views • 25 slides
CS675: Convex and Combinatorial Optimization Spring 2018 Consequences of the Ellipsoid Algorithm

CS675: Convex and Combinatorial Optimization Spring 2018 Consequences of the Ellipsoid Algorithm

CS675: Convex and Combinatorial Optimization Spring 2018 Consequences of the Ellipsoid Algorithm Instructor: Shaddin Dughmi Outline Recapping the Ellipsoid Method 1 Complexity of Convex Optimization 2 Complexity of Linear Programming 3

940 views • 92 slides

More recommend