Cooperative security administration in multi-security-domain environments using a variant of deontic logic

The decentralized approach to security administration in new computing environments (e.g., pervasive computing and mobile environments) is based on apportioning the environment into multiple security domains. The security policies of each security domain are specified by an authority and enforced by a security agent. The requirements of cooperative administration in such Multi-Security-Domain (MSD) environments, for shared or subdomains, induced us to propose an MSD cooperation framework within a logical security policy language (called MASL) in this paper. MASL is a variation of deontic logic that enables multiple authorities to specify their domain policies, including obligations and authorizations. The proposed supplement to MASL, as a calculus of cooperative administration, enables the security agents to infer applicable policy rules of cooperative domains from the policy rules of the participating domains. The calculus offers three styles of cooperative administration, namely collaborative, disjunctive, and delegative. The syntax, semantics, proof theory, soundness and completeness proofs of the core MASL and its supplement are formally presented in this paper. The main advantages of the proposed logical approach in cooperative administration of MSD environments are its abstraction, expressiveness, scalability, and applicability, and automated inference of the cooperative domains’ policies.