A First-Order Policy Language for History-Based Transaction Monitoring

Authors:
Andreas Bauer;Rajeev Goré;Alwen Tiu
Affiliations:
Logic and Computation Group College of Engineering and Computer Science, The Australian National University,;Logic and Computation Group College of Engineering and Computer Science, The Australian National University,;Logic and Computation Group College of Engineering and Computer Science, The Australian National University,
Venue:
ICTAC '09 Proceedings of the 6th International Colloquium on Theoretical Aspects of Computing
Year:
2009

Citing 13
Cited 0

Hilbert's tenth problem

Hilbert's tenth problem
Models for concurrency

Handbook of logic in computer science (vol. 4)
History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Introduction to the Theory of Computation

Introduction to the Theory of Computation
Synthesizing Monitors for Safety Properties

TACAS '02 Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
Log Auditing through Model-Checking

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
LOLA: Runtime Monitoring of Synchronous Systems

TIME '05 Proceedings of the 12th International Symposium on Temporal Representation and Reasoning
A framework for concrete reputation-systems with applications to history-based access control

Proceedings of the 12th ACM conference on Computer and communications security
A survey of trust and reputation systems for online service provision

Decision Support Systems
A logical framework for history-based access control and reputation systems

Journal of Computer Security
The temporal logic of programs

SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Monitoring of real-time properties

FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
History-based access control with local policies

FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures

Quantified Score

Hi-index	0.00

Visualization

Abstract

Online trading invariably involves dealings between strangers, so it is important for one party to be able to judge objectively the trustworthiness of the other. In such a setting, the decision to trust a user may sensibly be based on that user's past behaviour. We introduce a specification language based on linear temporal logic for expressing a policy for categorising the behaviour patterns of a user depending on its transaction history. We also present an algorithm for checking whether the transaction history obeys the stated policy. To be useful in a real setting, such a language should allow one to express realistic policies which may involve parameter quantification and quantitative or statistical patterns. We introduce several extensions of linear temporal logic to cater for such needs: a restricted form of universal and existential quantification; arbitrary computable functions and relations in the term language; and a "counting" quantifier for counting how many times a formula holds in the past. We then show that model checking a transaction history against a policy, which we call the history-based transaction monitoring problem, is PSPACE -complete in the size of the policy formula and the length of the history, assuming that the underlying interpreted functions and relations are polynomially computable. The problem becomes decidable in polynomial time when the policies are fixed. We also consider the problem of transaction monitoring in the case where not all the parameters of actions are observable. We formulate two such "partial observability" monitoring problems, and show their decidability under certain restrictions.