Many papers have already provided models to formally specify security policies. In this paper, security policies are modeled using the deontic concepts of permission and obligation. Permission rules are used to specify access control policies, while obligation rules are useful to specify other security requirements corresponding to usage control policies, such as the availability of information within its allotted time. However, when both permission and obligation concepts are used to express security policies, several different types of conflict can arise and should be detected and managed. In this work, we are interested in managing conflicts between obligations with deadlines and permissions. Thus, we begin by formally defining the conflicting situations using the situation calculus. Afterwards, we provide an algorithm for searching for a plan of actions, when one exists, which fulfills all the active obligations in a given situation within their deadlines with respect to the permission rules. The length of the plan is set in advance and can be calculated in the case where the sets of actions and fluents are finite, to ensure the decidability of the solution search. Furthermore, in the plan search, the choice of the execution time of the elected actions is subject to equations and inequalities which need to be solved. For this purpose, we need a component able to solve these equations and inequalities. To illustrate our approach, we take an example inspired by existing laws in hospitals regulating deadlines for completion of patient medical records. The example is formally specified in our language and implemented in ECRC Common Logic Programming System ECLIPSE 3.5.2, which is equipped with the Simplex algorithm for solving linear equations and inequalities over the reals. In the implementation, we show how the plan search can be optimized through the use of some heuristics and carry out some evaluation tests.