1 / 18

Preventing Theft By Keeping Good Company

Learn how to prevent theft by following parental advice and trusting a law-abiding community. Explore the concept of law-governed interactions and the implementation of communal access control in preventing theft.

dkramer
Download Presentation

Preventing Theft By Keeping Good Company

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Preventing TheftByKeeping Good Company Naftaly Minsky Rutgers University

  2. Outline • A real life example: the theft of theater seats. • Parental advice about avoiding theft. • How to realize the parental advice—over the internet.

  3. Theft of Theater Seats—an Example • Suppose that a theater issues only one ticket for every seat, at any given performance; and that no one is admitted without a ticket. • A theater-ticket is transferable right to occupy a specified seat at a given performance, and may change many hand before it is purchased by one who attempts to use it. • But tickets can be forged, so one might find his seat occupied—stolen--when coming to the theater. • Question: what can one do to avoid such theft?

  4. What did our Parents Tell Us? • “Associate only with honest, law-abiding, individuals”. • This must mean, in this case, to accept tickets from somebody you trust: • not to be a forger; • to have “good education”, i.e., to follow this parental advice. • So, one ends up trusting a whole, recursively defined, community to be law-abiding. • The theater goers constitute such a community—more or less. • Can such a law-abiding community be realized over the internet? • This should help prevent some thefts, and other mishaps.

  5. But the conventional access-control is server-centric server Reference Monitor(RM) Access-Control to the Rescue

  6. delegate The Need to Support Communal AC Policy Enterprise-wide (communal) policy P Enterprise

  7. The Concept of Law-Governed Interaction (LGI) • LGI is a message exchange mechanism that enables a community of distributed agents to interact under an explicit and strictly enforced policy, called the “law” of this community. • Some characteristics of LGI: • Laws are about the interaction between agents—it is a generalized access-control mechanism. • Laws are about local behavior, but they have global, communal, implications, because everybody in the given community is subject to the same law. • Incremental deployment, and efficient execution • Enforcement is decentralized---for scalability. • To be released in May 2005, via:http://www.cs.rutgers.edu/moses/

  8. v u m ==> x m L m’ m ==> y y x I S Reference monitor Legend: L---Explicit statement of a Law. I---Policy interpreter S---the interaction state of the community Centralized Enforcement of Communal Laws * The problems: potential congestion, and single point of failure * Replication does not help, if S changes rapidly enough

  9. m ==> y m m v u L L I L I L m ==> y y Su Sy I x I Sx S L m’ I Sv m’’ Distributed Law-Enforcement under LGI

  10. The local nature of LGI laws • Laws are defined locally, at each agent: • They deal explicitly only with local events—such as the sending or arrival of a message. • the ruling of a law for an event e at agent x is a function of e, and of the local control state CSX of x. • a ruling can mandate only local operations at x. • This localization does not reduce the expressive power of LGI laws, • and it provides scalability for many (not all) laws.

  11. L I L m ==> y y CSy I x CSx [m’,hash(L)] Cx m’’ Cx Cy On the basis for trust between members of a community • For a member of an L-community to trust its interlocutors to comply with the same law, one needs to ensure: • that the exchange of L-messages is mediated by correctly implemented controllers . • that interacting controllers operate under the same law L. • Such assurances are provided, basically, via certification of controllers, and the exchange of the hash of the law.

  12. controller server controller server I I I I I I m ==> y y x adopt(…) m’ L L adopt(L, name) adopt(L, name) adopt(…) m’’ Deployment of LGIVia Distributed TCB (DTCB)

  13. L L L L L enter T release transfer transfer transfer enter A Law-Abiding Community of Theater-Goers T T T T Theater T T

  14. A Qualification about “enforcement” • It is not possible to compel anybody to operate under any particular law, or to use LGI, for that matter. • Yet, an agent may be effectively compelled to exchange L-messages, if it needs services provided only under this law. • In our case, for example, if the theater admits only via L-message then theater goers, would have to use L-message to get tickets, and so would “street vendors”, if they want their tickets to be purchased.

  15. The Theater Law(Written in prolog) • R1. certified([issu(CA),subj(X), attr([role(theater)])) :- do(+role(theater))). • R2. sent(H,releaseTicket(t(H,P)),Y):- role(theater)@CS, do(forward). • R3. arrived(H,releaseTicket(t(H,P)),Y) :- do(+t(H,P)), do(deliver). • R4. sent(X,transfer(t(H,P)),Y) :- t(H,P)@CS, do(-t(H,P)), do(forward). • R5. arrived(X,transfer(t(H,P)),Y) :- do(+t(H,P)), do(deliver). • R6. sent(X,enter(t(H,P)),H) :- t(H,P)@CS, do(-t(H,P)), do(forward). • R7. arrived(X,enter(t(H,P)),H) :- do(deliver).

  16. Questions?

  17. The Theater Law (part 1) • R1. certified([issu(CA),subj(X), attr([role(theater)])) :- do(+role(theater))). • An agent may claim the role of a theater by presenting an apptopriate certificate issued by cityHall. • R2. sent(H,releaseTicket(t(H,P)),Y):- role(theater)@CS, do(forward). • Only a theater can realse tickets, and only its own. • R3. arrived(H,releaseTicket(t(H,P)),Y) :- do(+t(H,P)), do(deliver). • An arriving ticket is maintained in the CS of the receiver.

  18. The Theater Law (part 2) • R4. sent(X,transfer(t(H,P)),Y) :- t(H,P)@CS, do(-t(H,P)), do(forward). • Transferring a ticket to somebody else. • R5. arrived(X,transfer(t(H,P)),Y) :- do(+t(H,P)), do(deliver). • Receiving a transferred ticket. • R6. sent(X,enter(t(H,P)),H) :- t(H,P)@CS, do(-t(H,P)), do(forward). • Entering a theater, with a valid ticket • R7. arrived(X,enter(t(H,P)),H) :- do(deliver).

More Related