Existing security-policy specification languages allow users to specify obligations, but open challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing policies to react to the obligations of other policies.
This project presents PoCo, short for policy composition. PoCo is a policy specification language and enforcement system that allows composed obligations to maintain their atomicity and enables policies to interact meaningfully with the obligations of other policies. Controlling obligations in this way prevents unexpected behaviors and security breaches due to partially executed obligations or obligations that execute actions in violation of other policies.
Composition of Atomic-Obligation Security Policies. Danielle Ferguson, Yan Albright, Daniel Lomsak, Tyler Hanks, Kevin Orr, and Jay Ligatti. USF Technical Report CSE-SEC-021719. February 2019.
PoCo Source Code. Yan Albright and Danielle Ferguson. February 2018.