ACI_Dispo :

1. ACI_Dispo : Réunion de travail du 10-05-2005 Frédéric Cuppens Ahmed Bouabdallah Nora Cuppens-Boulahia

2. État d’avancement et perspective • Finalisé, • Nomad : Non atomic actions and deadlines • Enrichissement futur envisagé • En cours, • Modélisation de la disponibilité • Protocole TCP/IP avec techniques de Syn Cookies • Avec Nomad • Identification des aspects pertinents (au sens AOP) • Expression de la disponibilité • Réseaux Ad-hoc

3. Nomad • Provides means to specify a security policy • Conditional privileges • F(A|C) • P(A|C) • O(A|C) • Effective privileges • Expressed in a language of privileges with deadlines • Extends a logic of temporized actions with request • req, waiting • Extends a logic of temporized actions • start, doing, done, , , d and d • Provides means to specify non atomic privileges

4. The axioms of classical propositional logic (A → B) → (A → B) (A → B) → (A → B) ¬  ¬A ↔ A ¬  ¬A ↔ A A ↔ A A ↔ A start() ↔ ||||done() start(; ) ↔ (start()  ||||done()) start( & ) ↔ (start() start ()) start( & ) ↔ ||||done( & ) if |||| ≥ |||| doing() ↔ (start() (doing()  ¬done())) (doing()  ¬done()) →  ¬start() Axiomatics of the logic of temporized actions

5. Axiomatics of the logic of temporized actions with request • Axiomatics of logic of temporized actions • waiting() ↔ (req()  (waiting()  ¬ start()))

6. Obligations with deadlines • Violation of obligations occurs usually after a deadline elapsed • Obligation modality • OdA = OdA • OA is an immediate obligation (d0) • Where dis defined • 0A = 0A = A • d0 : d+1A = dA • (d+1)A = dA (d+1)A • d0 : d1A = dA •  (d−1)A = dA  (d−1)A

7. Conditional privileges • Most of privileges are only active in specific contexts • Diadic operators • O(A|C)  (C OA) • Od(A|C)  (C OdA) • F(A|C)  (C FA) • Fd(A|C)  (C FdA) • P(A|C)  (C PA) • Pd(A|C)  (C PdA) • Constraints • F(A|C ) ↔ O(¬A|C ) • (P(A|C ) C ) → ¬ F(A|C )

8. Effective privileges • Conditional privileges and conditions satisfied effective privileges • FeA= (F(A|C) C) • PeA= (P(A|C) C) • OedA= (Od(A|C) C) (Oe(d+1)A ¬A) • Oe0A=OeA

9. Expression of security properties in Nomad • Access Control requirement • Starting an action should be accepted Closed policy : d , d(start()  Pe(start()) Open policy : d , d(start()  Fe(start()) • Abiding with prohibition requirement • Generalizing access control properties d(A  FeA) • And obviously the absence of conflicts

10. Violation condition • Fulfillment modality • fullfill(A)  OedA  A • Violation modality • violation(A)  OedA  A • Security property associated with obligation fulfillment • d(violation (A))

11. Simple Nomad examples • Availability requirement O1D(start(open_account)|(exist_accountreq(open_account))) • User contract requirement O1H(done(open_account)|start(open_account)) • Repeated violation specification repeated_violation (violation(start(change_pwd)  O2D violation(start(change_pwd)))

12. Decomposition of actions and privileges

13. Decomposition of non atomic privileges • Example O(start(block_account; notify_repeated_violation)| repeated_violation) • Decomposition of immediate obligations • Decomposition of non atomic permissions • Decomposition of non atomic prohibitions • Decomposition of obligations with deadlines

14. Decomposition of immediate obligations • Theorem of decomposition O(A  B|C)  O(A|C) O(B|C) • The semantics of temporized actions says • start(&)  start() start() • start(;)  start()  ||||start() •  O(start(&)|C) O(start() |C)  O(start() |C) •  O(start(;)|C) O(start() |C) O(||||start()|C) • Exemple of blocking account O(start(block_account) | repeated_violation)  O(||block_account||start(notify_repeated_violation) | repeated_violation)

15. Decomposition of non atomic permissions • Theorems of decomposition P(A B|C)  P(A|C)P(B|C) P(A|C)O(B|C)  P(A  B|C) • From the semantics of temporized actions and the weaknessess of its direct application •  P(start( ; )|C)  P(start() |C) O(||||start() | (C start())) •  P(start( & )|C)  P(start() |C)  P(start() |C) O(start() |(C start())) O(start() |(C start())) • P(start(open_account ; change_pwd)|exist_account)  P(start(open_account) |exist_account) O(||open_account||start(change_pwd) |(exist_accountstart(open_account)))