A First-Order Policy Language for History-Based Transaction Monitoring
Online trading invariably involves dealings between strangers, so it is important for one party to be able to judge objectively the trustworthiness of the other. In such a setting, the decision to trust a user may sensibly be based on that user’s past behaviour. We introduce a specification language based on linear temporal logic for expressing a policy for categorising the behaviour patterns of a user depending on its transaction history. We also present an algorithm for checking whether the transaction history obeys the stated policy. To be useful in a real setting, such a language should allow one to express realistic policies which may involve parameter quantification and quantitative or statistical patterns. We introduce several extensions of linear temporal logic to cater for such needs: a restricted form of universal and existential quantification; arbitrary computable functions and relations in the term language; and a “counting” quantifier for counting how many times a formula holds in the past. We then show that model checking a transaction history against a policy, which we call the history-based transaction monitoring problem, is PSPACE-complete in the size of the policy formula and the length of the history, assuming that the underlying interpreted functions and relations are polynomially computable. The problem becomes decidable in polynomial time when the policies are fixed. We also consider the problem of transaction monitoring in the case where not all the parameters of actions are observable. We formulate two such “partial observability” monitoring problems, and show their decidability under certain restrictions.
Unable to display preview. Download preview PDF.
- 1.The RuleML Initiative. Document located, http://www.ruleml.org/
- 3.Bauer, A., Goré, R., Tiu, A.: A decidable policy language for history-based transaction monitoring. Technical report, The Australian National University (2009), http://arxiv.org/abs/0903.2904
- 5.Boley, H., Dean, M., Grosof, B., Sintek, M., Spencer, B., Tabet, S., Wagner, G.: FOL RuleML: The First-Order Logic Web Language (2005), http://www.ruleml.org/fol
- 6.Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: IEEE Symposium on Security and Privacy. IEEE, Los Alamitos (1989)Google Scholar
- 7.D’Angelo, B., Sankaranarayanan, S., Sánchez, C., Robinson, W., Finkbeiner, B., Sipma, H.B., Mehrotra, S., Manna, Z.: LOLA: Runtime monitoring of synchronous systems. In: TIME. IEEE, Los Alamitos (2005)Google Scholar
- 8.Edjlali, G., Acharya, A., Chaudhary, V.: History-based access control for mobile code. In: ACM Conference on Computer and Communications Security, pp. 38–48 (1998)Google Scholar
- 9.Fong, P.W.L.: Access control by tracking shallow execution history. In: IEEE Symposium on Security and Privacy, pp. 43–55. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
- 13.Krukow, K., Nielsen, M., Sassone, V.: A framework for concrete reputation-systems with applications to history-based access control. In: ACM Conf. Comp. and Commun. Sec. (2005)Google Scholar
- 14.Krukow, K., Nielsen, M., Sassone, V.: A logical framework for reputation systems and history based access control. Journal of Computer Security (to appear) (2008)Google Scholar
- 16.Pnueli, A.: The temporal logic of programs. In: Proc. FOCS 1977, pp. 46–57 (1977)Google Scholar
- 17.Roger, M., Goubault-Larrecq, J.: Log auditing through model-checking. In: CSFW, pp. 220–234. IEEE, Los Alamitos (2001)Google Scholar
- 18.Sipser, M.: Introduction to the Theory of Computation. Intl. Thomson Publishing (1996)Google Scholar
- 19.Winskel, G., Nielsen, M.: Models for concurrency. In: Handbook of logic in computer science. semantic modelling, vol. 4. Oxford University Press, Oxford (1995)Google Scholar