Algebra and Logic for Policy and Utility in Information Security

Lead Research Organisation: University College London
Department Name: Computer Science


Managers, consultants, and security engineers have responsibility for delivering the security of possibly large, complex systems. Policy-makers and industry/business leaders, on the other hand, have responsibility for ensuring the overall sustainability and resilience of information ecosystems that deliver services, including those in commercial, governmental, intelligence, military, and scientific worlds. Despite these differences in focus and scope, both groups must make security policy design decisions that combine a wide range of competing, often contradictory concerns.

Considering this range of stakeholders, we are motivated by the following closely related questions:

For a given system, with a given set of stakeholders operating in given business and threat environments, how do we determine what is an appropriate (i.e., effective, affordable) security policy? What attributes should be protected, to what extent, in what circumstances? What impact on business operations is acceptable, and at what financial cost?

If such an analysis is to be achievable and robust, it must rest on rigorous economic and mathematical models of systems and their operations. How are we to express and reason about policies so that their effectiveness against the desired security outcomes, and their impact upon the stakeholders and business operations, can be understood?

Our hypothesis, supported both by extensive background work and experience in an industrial setting and by extensive background mathematical work, is that a marriage of the modelling techniques of logic with those of mathematical economics will provide an appropriate framework. We aim to establish a mathematical basis for a systems security modelling technology that is able to handle the structural aspects of systems, the stochastic behaviour of their environments and, specifically, a utility-theoretic representation of security policies and their effectiveness.

The development of this theory poses significant challenges. We need to reconstruct utility theory to take advantage of the sophisticated account of actions provided by the mathematical models of processes common in theoretical computer science. Another technique of theoretical computer science, Hennessy-Milner logic, provides a logical characterization of process behaviour; this will need to be enhanced to enable specification of properties involving utility- and game-theoretic concepts, such as Pareto optimality and equilibrium properties. The development of this novel mathematics must be driven and guided throughout by the policy decision-making applications, and we must explore how the methodology used in previous work can be extended and generalised to take advantage of this new mathematics.
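To make the last paragraph concrete, the following is an added illustration (not the project's calculus, logic, or any model from its publications): a small labelled transition system for one policy decision, a checker for classic Hennessy-Milner logic over it, and two utility-theoretic atoms bolted onto the logic so that properties such as "every phishing path under this policy ends in a Pareto-optimal outcome" can be stated and checked. The system, the action names, the two stakeholders and all utility values are constructed for the example.

```python
"""Toy Hennessy-Milner logic (HML) checker over a labelled transition system,
extended with utility-theoretic atoms (Pareto optimality, utility thresholds).

Constructed illustration: the system, actions and utilities below are made up
for this example and are not the project's calculus or any real policy model.
"""

# Transition relation: state -> action -> set of successor states.
# A login policy decision: choose to enforce MFA or allow password-only login;
# the environment then either logs in legitimately or phishes the credential.
TRANSITIONS = {
    "start": {"enforce_mfa": {"mfa"}, "allow_password": {"pw"}},
    "mfa":   {"legit_login": {"ok_mfa"}, "phish": {"blocked"}},
    "pw":    {"legit_login": {"ok_pw"}, "phish": {"breach"}},
}

# Utility vector per terminal outcome: (business utility, security utility).
# All values are assumed for the example.
UTILITY = {
    "ok_mfa":  (7, 9),      # logged in, some friction, strong protection
    "blocked": (3, 9),      # phish stopped, but the user was inconvenienced
    "ok_pw":   (9, 4),      # frictionless login, weak protection
    "breach":  (-10, -10),  # credential phished and used
}


def successors(state, action):
    """a-successors of a state (empty set if the action is not enabled)."""
    return TRANSITIONS.get(state, {}).get(action, set())


def dominates(p, q):
    """True if outcome p is at least as good as q for every stakeholder and
    differs from q, i.e. strictly better for at least one (Pareto dominance)."""
    up, uq = UTILITY[p], UTILITY[q]
    return all(x >= y for x, y in zip(up, uq)) and up != uq


def pareto_optimal(outcomes):
    """Outcomes that no other outcome in the set Pareto-dominates."""
    return {o for o in outcomes
            if not any(dominates(p, o) for p in outcomes if p != o)}


PARETO = pareto_optimal(set(UTILITY))


def satisfies(state, formula):
    """Evaluate an HML formula (nested tuples) at a state.

    Classic HML connectives:
      ("tt",)            true
      ("not", f)         negation
      ("and", f, g)      conjunction
      ("diamond", a, f)  <a>f: some a-successor satisfies f
      ("box", a, f)      [a]f: every a-successor satisfies f (vacuously true
                         when the action is not enabled)
    Utility-theoretic atoms added for this example:
      ("pareto",)            state is a Pareto-optimal outcome
      ("utility_ge", i, v)   state is an outcome whose i-th utility is >= v
    """
    kind = formula[0]
    if kind == "tt":
        return True
    if kind == "not":
        return not satisfies(state, formula[1])
    if kind == "and":
        return satisfies(state, formula[1]) and satisfies(state, formula[2])
    if kind == "diamond":
        return any(satisfies(s, formula[2]) for s in successors(state, formula[1]))
    if kind == "box":
        return all(satisfies(s, formula[2]) for s in successors(state, formula[1]))
    if kind == "pareto":
        return state in PARETO
    if kind == "utility_ge":
        return state in UTILITY and UTILITY[state][formula[1]] >= formula[2]
    raise ValueError(f"unknown connective: {kind}")


SECURITY = 1  # index of the security stakeholder in the utility vector


def evaluate_policies(start="start"):
    """Check the two policy choices against a few properties; returns a dict."""
    no_breach = ("utility_ge", SECURITY, 0)
    return {
        # Under MFA, whatever the phisher does, security utility stays >= 0.
        "mfa_resists_phishing":
            satisfies(start, ("box", "enforce_mfa", ("box", "phish", no_breach))),
        # Under password-only login, a phish can reach a breach.
        "password_can_breach":
            satisfies(start, ("box", "allow_password",
                              ("diamond", "phish", ("not", no_breach)))),
        # Both policies can reach a Pareto-optimal outcome on a legitimate login,
        "mfa_reaches_pareto":
            satisfies(start, ("box", "enforce_mfa",
                              ("diamond", "legit_login", ("pareto",)))),
        "password_reaches_pareto":
            satisfies(start, ("box", "allow_password",
                              ("diamond", "legit_login", ("pareto",)))),
        # but under password-only login a phishing path ends in a dominated outcome.
        "password_all_phish_paths_pareto":
            satisfies(start, ("box", "allow_password", ("box", "phish", ("pareto",)))),
    }


if __name__ == "__main__":
    print("Pareto-optimal outcomes:", sorted(PARETO))
    for name, result in evaluate_policies().items():
        print(f"{name}: {result}")
```

The point of the example is the shape of the extension rather than the numbers: the modal operators range over actions exactly as in Hennessy-Milner logic, while the added atoms look up a utility-theoretic property of the state, so a policy property mixes "what can happen" with "how good it is for whom". Equilibrium properties would need a further step the example does not take: utilities attached to the choices of several players rather than to terminal states only.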

Planned Impact

Our work will have impact throughout industry, wherever security
concerns arise. Our methodology will be of interest and use to any
managers, consultants and security engineers with responsibility for
delivering the security of complex systems, and to policy-makers and
industry leaders who must ensure the sustainability and resilience of
information ecosystems.

Initial impact will be with our project partners, Hewlett-Packard and
National Grid. Working closely with them, we will apply the
methodology, as we develop it, to problems of specific interest to
them. In both cases, the focus will be on organizational level policy
and structure, with the emphasis for HP being on
business-technology ecosystems and the emphasis for National Grid
on critical infrastructure.

At the policy level, our methodology will be able to inform
policy-makers at all levels, from the lowest-level rules for the configuration
of devices and systems, through a middle level of security management
in organizations, to the highest level of national and supra-national
laws, regulations, agreements, understandings and
interactions. Because the mathematics we propose to develop can be
instantiated to model systems and policies at any level of
abstraction, it will be of interest and use for policy analysis and
decision-making at all levels.


Publications

Anderson G (2016) A calculus and logic of bunched resources and processes. Theoretical Computer Science
Caulfield T (2015) Improving Security Policy Decisions with Models. IEEE Security & Privacy
Collinson M (2014) A substructural logic for layered graphs. Journal of Logic and Computation
Collinson M (2017) Layered graph logic as an assertion language for access control policy models. Journal of Logic and Computation
Collinson M (2019) A logic of hypothetical conjunction. Journal of Logic and Computation
G. Anderson (2016) LNCS

Description The purpose of this project is to understand how a mathematical theory of processes, which explains how complex actions are built up from simpler actions, can be integrated with utility theory --- that part of economics that studies the values of the outcomes of actions --- and used to understand how systems and their security policies interact.
Exploitation Route To support decision-support tools for systems security designers and managers.
Sectors Digital/Communication/Information Technologies (including Software); Energy; Financial Services, and Management Consultancy; Security and Diplomacy

Description Ideas from this project, along with ideas from the Trust Domains project, have proved useful in collaborative work with National Grid plc related to the re-engineering of its corporate security architecture. A short paper explaining this work is in preparation.
First Year Of Impact 2015
Sector Digital/Communication/Information Technologies (including Software); Energy
Impact Types Societal,Policy & public services

Title julia systems modelling package
Description Packages for the julia language providing modelling languages that capture our systems and security modelling approach. Presentation in progress.
Type Of Material Improvements to research infrastructure
Year Produced 2016
Provided To Others? Yes
Impact Presentations at the UK Research Institute in the Science of Cybersecurity (RISCS) first-phase final meeting.
Description National Grid Cyber-security Research 
Organisation The National Grid Co plc
Country United Kingdom 
Sector Private 
PI Contribution Research collaboration: Pym is Director of Cyber-security Research at National Grid
Collaborator Contribution Research collaboration
Impact Multi-disciplinary. Colleagues from the Universities of Aberdeen and Durham also involved. Various outputs: EC 'Seconomics' Project deliverables; presentations to National Grid management and security staff.
Start Year 2013
Description D. Pym has served as a member of Home Office Working Group on the Costs of Cybercrime 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Expert panel advising the Home Office.
Year(s) Of Engagement Activity 2014,2015,2016