Skip to main content
SpringerLink
Log in
Book cover

From Database to Cyber Security pp 78–103Cite as

Stratification Based Model for Security Policy with Exceptions and Contraries to Duty

  • Chapter
  • First Online:

  • 1799 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11170))

Abstract

This paper presents a formal approach based on deontic logic to model security policies that contain exceptions and contraries to duty (CTD). A CTD is a deontic rule which specifies what should happen in case of violation of other security rules like obligations or prohibitions. For example, CTD are useful to specify response policies that apply when an intrusion that attempts to violate the security policy is detected. CTD are well known puzzles in deontic logic because it is difficult to handle them without raising paradoxes. In this paper, we define a new approach to handle both exceptions and CTD and possible interactions between exceptions and CTD. This model is based on stratifying the security policy. We actually show how to use stratification differently to manage exceptions and CTD. This model solves paradoxes and precisely defines which security rules are violated and which security rules actually apply.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    In the literature, different names are given to this last concept corresponding to a non obligation like omission or dispensation. In a security policy, the concept of non obligation fits well with an exemption.

  2. 2.

    SDL stands for “Standard Deontic Logic” and suggests modeling the obligation modality using a KD logic, i.e. a logic having the following axiomatics (1) Necessitation: If p is a theorem then Op is a theorem, (2) Axiom K: \((Op \wedge O(p \rightarrow q)) \rightarrow O q\) and (3) Axiom D: \(\lnot (Op \wedge O\lnot p)\).

  3. 3.

    Means that these situations correspond to consistent conditions so both of them can be simultaneously satisfied.

  4. 4.

    We assume that conditional prohibition \(F(q \mid p)\) are rewritten in \(O(\lnot q \mid p)\). Notice that we cannot associate a CTD with a conditional permission or exemption.

References

  1. Azkia, H., Cuppens-Boulahia, N., Cuppens, F., Coatrieux, G., Oulmakhzoune, S.: Deployment of a posteriori access control using IHE ATNA. Int. J. Inf. Secur. 14(5), 471–483 (2015)

    Article  Google Scholar 

  2. Azkia, H., Cuppens-Boulahia, N., Cuppens, F., Coatrieux, G.: A posteriori access and usage control policy in healthcare environment. J. Inf. Assur. Secur. 6(5), 389–397 (2011)

    Google Scholar 

  3. Åqvist, L.: Combinations of tense and deontic modality. In: Lomuscio, A., Nute, D. (eds.) DEON 2004. LNCS (LNAI), vol. 3065, pp. 3–28. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-25927-5_3

    Chapter  Google Scholar 

  4. Benferhat, S., El Baida, R., Cuppens, F.: A stratification-based approach for handling conflicts in access control. In: 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), Lake Come, Italy, June 2003

    Google Scholar 

  5. Benferhat, S., Dubois, D., Prade, H.: Nonmonotonic reasoning, conditional objects and possibility theory. Artif. Intell. J. 92(1–2), 259–276 (1997)

    Article  MathSciNet  Google Scholar 

  6. Belzer, M.: A logic of deliberation. In: Fifth National Conference on Artificial Intelligence, pp. 38–43 (1986)

    Google Scholar 

  7. Bertino, E., Jajodia, S., Samarati, P.: Supporting multiple access control policies in database systems. In: IEEE Symposium on Security and Privacy, Oakland, USA (1996)

    Google Scholar 

  8. Cuppens-Boulahia, N., Cuppens, F.: Specifying intrusion detection and reaction policies: an application of deontic logic. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 65–80. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70525-3_7

    Chapter  MATH  Google Scholar 

  9. Cholvy, L., Cuppens, F.: Analyzing consistency of security policies. In: IEEE Symposium on Security and Privacy, Oakland, CA, May 1997

    Google Scholar 

  10. Cuppens, F., Cuppens-Boulahia, N., Elrakaiby, Y.: Formal specification and management of security policies with collective group obligations. J. Comput. Secur. 21(1), 149–190 (2013)

    Article  Google Scholar 

  11. Cuppens, F., Cuppens-Boulahia, N., Ben Ghorbel, M.: High level conflict management strategies in advanced access control models. Electr. Notes Theor. Comput. 186, 3–26 (2007)

    Article  MathSciNet  Google Scholar 

  12. Cuppens, F., Cuppens-Boulahia, N., Sans, T.: Nomad: a security model with non atomic actions and deadlines. In: CSFW, pp. 186–196 (2005)

    Google Scholar 

  13. Cholvy, L., Garion, C.: An attempt to adapt a logic of conditional preferences for reasoning with contrary-to-duties. Fundamenta Informaticae 48(2, 3), 183–204 (2001)

    MathSciNet  MATH  Google Scholar 

  14. Chisholm, R.M.: Contrary-to-duty imperatives and deontic logic. Analysis 24, 33–36 (1963)

    Article  Google Scholar 

  15. Carmo, J., Jones, A.: Deontic logic and contrary-to-duties. In: Handbook of Philosophical Logic: Extensions to Classical Systems, 2nd edn, vol. 8, pp. 265–343. Kluwer Publishing Company (2002)

    Google Scholar 

  16. Dignum, F., Broersen, J., Dignum, V., Meyer, J.-J.: Meeting the deadline: why, when and how. In: Hinchey, M.G., Rash, J.L., Truszkowski, W.F., Rouff, C.A. (eds.) FAABS 2004. LNCS (LNAI), vol. 3228, pp. 30–40. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30960-4_3

    Chapter  Google Scholar 

  17. Demolombe, R., Bretier, P., Louis, V.: Norms with deadlines in dynamic deontic logic. In: ECAI, Riva del Garda, Italy, pp. 751–752 (2006)

    Google Scholar 

  18. Debar, H., Thomas, Y., Cuppens, F., Cuppens-Boulahia, N.: Enabling automated threat response through the use of a dynamic security policy. J. Comput. Virol. 3(3), 195–210 (2007)

    Article  Google Scholar 

  19. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012)

    Article  Google Scholar 

  20. Etalle, S., Winsborough, W.H.: A posteriori compliance control. In: 12th ACM Symposium on Access Control Models and Technologies, New York, USA, pp. 11–20 (2007)

    Google Scholar 

  21. Horty, J.F.: Deontic logic as founded in nonmonotonic logic. Ann. Math. Artif. Intell. 9, 69–91 (1993)

    Article  MathSciNet  Google Scholar 

  22. Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: ACM Conference on Computer and Communications Security, Alexandria, VA, pp. 127–147 (2006)

    Google Scholar 

  23. Jones, A.J.I., Pörn, I.: Ideality: sub-ideality and deontic logic. Synthese 65, 275–290 (1985)

    Article  MathSciNet  Google Scholar 

  24. Lang, J.: Possibilistic logic: complexity and algorithms. In: Kohlas, J., Moral, S. (eds.) Handbook of Defeasible Reasoning and Uncertainty Management Systems. HAND, vol. 5, pp. 179–220. Springer, Dordrecht (2000). https://doi.org/10.1007/978-94-017-1737-3_5

    Chapter  Google Scholar 

  25. Luan, S., Magnani, L., Dai, G.: Algorithms for computing minimal conflicts. Logic J. IGPL 14(2), 391–406 (2006)

    Article  MathSciNet  Google Scholar 

  26. Lupu, E., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)

    Article  Google Scholar 

  27. Tan, Y.-H., van der Torre, L.: The temporal analysis of Chisholm’s Paradox. In: AAAI/IAAI, pp. 650–655 (1998)

    Google Scholar 

  28. McCarthy, L.T.: Defeasible deontic reasoning. Fundamenta Informaticae 21, 125–148 (1994)

    MathSciNet  MATH  Google Scholar 

  29. Meyer, J.-J.Ch.: A different approach to deontic logic: deontic logic viewed as a variant of dynamic logic. Notre Dame J. Formal Logic 21(1), 109–136 (1988)

    Article  MathSciNet  Google Scholar 

  30. Piolle, G., Demazeau, Y.: Obligations with deadlines and maintained interdictions in privacy regulation frameworks. In: 8th IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT 2008), Sidney, Australia, pp. 162–168. IEEE Computer Society, December 2008

    Google Scholar 

  31. Prakken, H., Sergot, M.: Contrary-to-duty obligations. Studia Logica 57(1), 91–115 (1996)

    Article  MathSciNet  Google Scholar 

  32. Prakken, H., Sergot, M.: Dyadic deontic logic and contrary-to-duty obligations. In: Nute, D.N. (ed.) Defeasible Deontic Logic, pp. 223–262. Synthese Library (1997)

    Google Scholar 

  33. Parent, X., van der Torre, L.: The pragmatic oddity in norm-based deontic logics. In: ICAIL, pp. 169–178 (2017)

    Google Scholar 

  34. Tan, Y.-H., van der Torre, L.W.N.: Contextual deontic logic: violation contexts and factual defeasability. In: Meyer, J.-J.C., Schobbens, P.-Y. (eds.) Formal Models of Agents. LNCS (LNAI), vol. 1760, pp. 240–251. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-46581-2_16

    Chapter  Google Scholar 

  35. van der Torre, L., Tan, Y.: The many faces of defeasibility in defeasible deontic logic. In: Nute, D. (ed.) Defeasible Deontic Logic. Synthese Library, vol. 263, pp. 79–121. Kluwer (1997)

    Google Scholar 

  36. van der Torre, L., Tan, Y.: An update semantics for prima facie obligations. In: Prade, H. (ed.) Proceedings of the Thirteenth European Conference on Artificial Intelligence (ECAI 1998), pp. 38–42 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IMT Atlantique, 2 rue de la Châtaigneraie, 35576, Cesson Sévigné, France

    Frédéric Cuppens & Nora Cuppens-Boulahia

Authors
  1. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nora Cuppens-Boulahia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nora Cuppens-Boulahia .

Editor information

Editors and Affiliations

  1. Università degli Studi di Milano, Milano, Italy

    Pierangela Samarati

  2. Colorado State University, Fort Collins, CO, USA

    Indrajit Ray

  3. Colorado State University, Fort Collins, CO, USA

    Indrakshi Ray

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Cuppens, F., Cuppens-Boulahia, N. (2018). Stratification Based Model for Security Policy with Exceptions and Contraries to Duty. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science(), vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation