Overview
Existing security-policy specification languages allow users to specify obligations, but open challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing policies to react to the obligations of other policies.
This project presents PoCo, short for policy composition. PoCo is a policy specification language and enforcement system that allows composed obligations to maintain their atomicity and enables policies to interact meaningfully with the obligations of other policies. Controlling obligations in this way prevents unexpected behaviors and security breaches due to partially executed obligations or obligations that execute actions in violation of other policies.
Contributors
Publications
PoCo: A Language for Specifying Obligation-Based Policy Compositions. Danielle Ferguson, Yan Albright, Daniel Lomsak, Tyler Hanks, Kevin Orr, and Jay Ligatti. Proceedings of the 9th International Conference on Software and Computer Applications (ICSCA), February 2020.
Composition of Atomic-Obligation Security Policies. Danielle Ferguson, Yan Albright, Daniel Lomsak, Tyler Hanks, Kevin Orr, and Jay Ligatti. USF Technical Report CSE-SEC-021719. February 2019. Revised September 2019.
PoCo Source Code. Yan Albright and Danielle Ferguson. February 2018.