Abstract
This paper presents a formal approach based on deontic logic to model security policies that contain exceptions and contraries to duty (CTD). A CTD is a deontic rule which specifies what should happen in case of violation of other security rules like obligations or prohibitions. For example, CTD are useful to specify response policies that apply when an intrusion that attempts to violate the security policy is detected. CTD are well known puzzles in deontic logic because it is difficult to handle them without raising paradoxes. In this paper, we define a new approach to handle both exceptions and CTD and possible interactions between exceptions and CTD. This model is based on stratifying the security policy. We actually show how to use stratification differently to manage exceptions and CTD. This model solves paradoxes and precisely defines which security rules are violated and which security rules actually apply.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In the literature, different names are given to this last concept corresponding to a non obligation like omission or dispensation. In a security policy, the concept of non obligation fits well with an exemption.
- 2.
SDL stands for “Standard Deontic Logic” and suggests modeling the obligation modality using a KD logic, i.e. a logic having the following axiomatics (1) Necessitation: If p is a theorem then Op is a theorem, (2) Axiom K: \((Op \wedge O(p \rightarrow q)) \rightarrow O q\) and (3) Axiom D: \(\lnot (Op \wedge O\lnot p)\).
- 3.
Means that these situations correspond to consistent conditions so both of them can be simultaneously satisfied.
- 4.
We assume that conditional prohibition \(F(q \mid p)\) are rewritten in \(O(\lnot q \mid p)\). Notice that we cannot associate a CTD with a conditional permission or exemption.
References
Azkia, H., Cuppens-Boulahia, N., Cuppens, F., Coatrieux, G., Oulmakhzoune, S.: Deployment of a posteriori access control using IHE ATNA. Int. J. Inf. Secur. 14(5), 471–483 (2015)
Azkia, H., Cuppens-Boulahia, N., Cuppens, F., Coatrieux, G.: A posteriori access and usage control policy in healthcare environment. J. Inf. Assur. Secur. 6(5), 389–397 (2011)
Åqvist, L.: Combinations of tense and deontic modality. In: Lomuscio, A., Nute, D. (eds.) DEON 2004. LNCS (LNAI), vol. 3065, pp. 3–28. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-25927-5_3
Benferhat, S., El Baida, R., Cuppens, F.: A stratification-based approach for handling conflicts in access control. In: 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), Lake Come, Italy, June 2003
Benferhat, S., Dubois, D., Prade, H.: Nonmonotonic reasoning, conditional objects and possibility theory. Artif. Intell. J. 92(1–2), 259–276 (1997)
Belzer, M.: A logic of deliberation. In: Fifth National Conference on Artificial Intelligence, pp. 38–43 (1986)
Bertino, E., Jajodia, S., Samarati, P.: Supporting multiple access control policies in database systems. In: IEEE Symposium on Security and Privacy, Oakland, USA (1996)
Cuppens-Boulahia, N., Cuppens, F.: Specifying intrusion detection and reaction policies: an application of deontic logic. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 65–80. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70525-3_7
Cholvy, L., Cuppens, F.: Analyzing consistency of security policies. In: IEEE Symposium on Security and Privacy, Oakland, CA, May 1997
Cuppens, F., Cuppens-Boulahia, N., Elrakaiby, Y.: Formal specification and management of security policies with collective group obligations. J. Comput. Secur. 21(1), 149–190 (2013)
Cuppens, F., Cuppens-Boulahia, N., Ben Ghorbel, M.: High level conflict management strategies in advanced access control models. Electr. Notes Theor. Comput. 186, 3–26 (2007)
Cuppens, F., Cuppens-Boulahia, N., Sans, T.: Nomad: a security model with non atomic actions and deadlines. In: CSFW, pp. 186–196 (2005)
Cholvy, L., Garion, C.: An attempt to adapt a logic of conditional preferences for reasoning with contrary-to-duties. Fundamenta Informaticae 48(2, 3), 183–204 (2001)
Chisholm, R.M.: Contrary-to-duty imperatives and deontic logic. Analysis 24, 33–36 (1963)
Carmo, J., Jones, A.: Deontic logic and contrary-to-duties. In: Handbook of Philosophical Logic: Extensions to Classical Systems, 2nd edn, vol. 8, pp. 265–343. Kluwer Publishing Company (2002)
Dignum, F., Broersen, J., Dignum, V., Meyer, J.-J.: Meeting the deadline: why, when and how. In: Hinchey, M.G., Rash, J.L., Truszkowski, W.F., Rouff, C.A. (eds.) FAABS 2004. LNCS (LNAI), vol. 3228, pp. 30–40. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30960-4_3
Demolombe, R., Bretier, P., Louis, V.: Norms with deadlines in dynamic deontic logic. In: ECAI, Riva del Garda, Italy, pp. 751–752 (2006)
Debar, H., Thomas, Y., Cuppens, F., Cuppens-Boulahia, N.: Enabling automated threat response through the use of a dynamic security policy. J. Comput. Virol. 3(3), 195–210 (2007)
Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012)
Etalle, S., Winsborough, W.H.: A posteriori compliance control. In: 12th ACM Symposium on Access Control Models and Technologies, New York, USA, pp. 11–20 (2007)
Horty, J.F.: Deontic logic as founded in nonmonotonic logic. Ann. Math. Artif. Intell. 9, 69–91 (1993)
Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: ACM Conference on Computer and Communications Security, Alexandria, VA, pp. 127–147 (2006)
Jones, A.J.I., Pörn, I.: Ideality: sub-ideality and deontic logic. Synthese 65, 275–290 (1985)
Lang, J.: Possibilistic logic: complexity and algorithms. In: Kohlas, J., Moral, S. (eds.) Handbook of Defeasible Reasoning and Uncertainty Management Systems. HAND, vol. 5, pp. 179–220. Springer, Dordrecht (2000). https://doi.org/10.1007/978-94-017-1737-3_5
Luan, S., Magnani, L., Dai, G.: Algorithms for computing minimal conflicts. Logic J. IGPL 14(2), 391–406 (2006)
Lupu, E., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)
Tan, Y.-H., van der Torre, L.: The temporal analysis of Chisholm’s Paradox. In: AAAI/IAAI, pp. 650–655 (1998)
McCarthy, L.T.: Defeasible deontic reasoning. Fundamenta Informaticae 21, 125–148 (1994)
Meyer, J.-J.Ch.: A different approach to deontic logic: deontic logic viewed as a variant of dynamic logic. Notre Dame J. Formal Logic 21(1), 109–136 (1988)
Piolle, G., Demazeau, Y.: Obligations with deadlines and maintained interdictions in privacy regulation frameworks. In: 8th IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT 2008), Sidney, Australia, pp. 162–168. IEEE Computer Society, December 2008
Prakken, H., Sergot, M.: Contrary-to-duty obligations. Studia Logica 57(1), 91–115 (1996)
Prakken, H., Sergot, M.: Dyadic deontic logic and contrary-to-duty obligations. In: Nute, D.N. (ed.) Defeasible Deontic Logic, pp. 223–262. Synthese Library (1997)
Parent, X., van der Torre, L.: The pragmatic oddity in norm-based deontic logics. In: ICAIL, pp. 169–178 (2017)
Tan, Y.-H., van der Torre, L.W.N.: Contextual deontic logic: violation contexts and factual defeasability. In: Meyer, J.-J.C., Schobbens, P.-Y. (eds.) Formal Models of Agents. LNCS (LNAI), vol. 1760, pp. 240–251. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-46581-2_16
van der Torre, L., Tan, Y.: The many faces of defeasibility in defeasible deontic logic. In: Nute, D. (ed.) Defeasible Deontic Logic. Synthese Library, vol. 263, pp. 79–121. Kluwer (1997)
van der Torre, L., Tan, Y.: An update semantics for prima facie obligations. In: Prade, H. (ed.) Proceedings of the Thirteenth European Conference on Artificial Intelligence (ECAI 1998), pp. 38–42 (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Cuppens, F., Cuppens-Boulahia, N. (2018). Stratification Based Model for Security Policy with Exceptions and Contraries to Duty. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science(), vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-04834-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04833-4
Online ISBN: 978-3-030-04834-1
eBook Packages: Computer ScienceComputer Science (R0)