Algebra and Logic for Policy and Utility in Information Security
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
Managers, consultants, and security engineers have responsibility for delivering the security of possibly large, complex systems. Policy-makers and industry/business leaders, on the other hand, have responsibility for ensuring the overall sustainability and resilience of information ecosystems that deliver services, including those in commercial, governmental, intelligence, military, and scientific worlds. Despite these differences in focus and scope, both groups must make security policy design decisions that combine a wide range of competing, often contradictory concerns.
Considering this range of stakeholders, we are motivated by the following closely related questions:
For a given system, with a given set of stakeholders operating in given business and threat environments, how do we determine what is an appropriate (i.e., effective, affordable) security policy? What attributes should be protected, to what extent, in what circumstances? What impact on business operations is acceptable, and at what financial cost?
Such an analysis will, if it is to be achievable and robust, be dependent on the provision of rigorous economic and mathematical models of systems and their operations. How are we to express and reason about policies so that their effectiveness against the desired security outcomes and their impact upon the stakeholders and business operations can be understood?
Our hypothesis, supported both by extensive background work and experience in an industrial setting and by extensive background mathematical work, is that a marriage of the modelling techniques of logic with those of mathematical economics will provide an appropriate framework. We aim to establish a mathematical basis for a systems security modelling technology that is able to handle the structural aspects of systems, the stochastic behaviour of their environments and, specifically, a utility-theoretic representation of security policies and their effectiveness.
The development of this theory poses significant challenges. We need to reconstruct utility theory to take advantage of the sophisticated account of actions provided by the mathematical models of processes common in theoretical computer science. Another technique of theoretical computer science, Hennessy-Milner logic, provides a logical characterization of process behaviour; this will need to be enhanced to enable specification of properties involving utility- and game-theoretic concepts, such as Pareto optimality and equilibrium properties. The development of this novel mathematics must be driven and guided throughout by the policy decision-making applications, and we must explore how the methodology used in previous work can be extended and generalised to take advantage of this new mathematics.
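The paragraph above names three ingredients: a process model whose actions are built from simpler ones, a modal logic (Hennessy-Milner logic) for stating what behaviour a system can or must exhibit, and a utility-theoretic reading of the outcomes of those actions under a stochastic environment, with Pareto optimality as the yardstick for comparing policies. The following toy is an added illustration of how those ingredients fit together; it is not the project's calculus, its published logic, or its julia package. The two-state system, the four candidate policies, the attack probability, the detection probabilities and the costs are all constructed for the example.

```python
"""Constructed toy, added as an illustration (not the project's own code):
a probabilistic labelled transition system whose moves carry utilities,
a Hennessy-Milner logic (HML) checker, expected-utility evaluation, and a
Pareto filter over candidate security policies.  All names and numbers
are invented."""
from __future__ import annotations

from dataclasses import dataclass, field
from fractions import Fraction


@dataclass(frozen=True)
class Move:
    action: str        # label: "attack", "idle", "detect", "breach"
    target: str        # successor state
    prob: Fraction     # probability of this move out of its source state
    utility: Fraction  # payoff earned on taking it (negative = cost)


@dataclass
class LTS:
    """Per state, the outgoing moves form one distribution (probs sum to 1)."""
    moves: dict[str, list[Move]] = field(default_factory=dict)

    def add(self, src, action, target, prob, utility=0):
        self.moves.setdefault(src, []).append(
            Move(action, target, Fraction(prob), Fraction(utility)))

    def succ(self, state, action):
        return [m for m in self.moves.get(state, []) if m.action == action]


# HML formulas as nested tuples: ("tt",) ("not",f) ("and",f,g) ("dia",a,f) ("box",a,f)
# <a>f holds if SOME a-move reaches a state satisfying f; [a]f holds if ALL do.
def sat(lts, state, f):
    op = f[0]
    if op == "tt":
        return True
    if op == "not":
        return not sat(lts, state, f[1])
    if op == "and":
        return sat(lts, state, f[1]) and sat(lts, state, f[2])
    if op == "dia":
        return any(sat(lts, m.target, f[2]) for m in lts.succ(state, f[1]))
    if op == "box":
        return all(sat(lts, m.target, f[2]) for m in lts.succ(state, f[1]))
    raise ValueError(f"unknown operator {op!r}")


def expected_utility(lts, state, horizon):
    """Expected total utility of running `horizon` steps from `state`."""
    if horizon == 0:
        return Fraction(0)
    return sum((m.prob * (m.utility + expected_utility(lts, m.target, horizon - 1))
                for m in lts.moves.get(state, [])), Fraction(0))


@dataclass(frozen=True)
class Policy:
    name: str
    cost: Fraction      # control cost charged on every step
    p_detect: Fraction  # chance an attack in progress is detected before loss


P_ATTACK = Fraction(1, 5)  # constructed environment: attack probability per step
LOSS = Fraction(50)        # constructed loss on an undetected attack


def build(policy):
    """'secure' is attacked with P_ATTACK; an attack is either detected
    (back to secure, paying only the control cost) or becomes a breach."""
    lts = LTS()
    lts.add("secure", "attack", "attacked", P_ATTACK, -policy.cost)
    lts.add("secure", "idle", "secure", 1 - P_ATTACK, -policy.cost)
    if policy.p_detect > 0:
        lts.add("attacked", "detect", "secure", policy.p_detect, -policy.cost)
    if policy.p_detect < 1:
        lts.add("attacked", "breach", "secure", 1 - policy.p_detect, -policy.cost - LOSS)
    return lts


# Qualitative requirement in HML: after ANY attack, a detect move is possible.
DETECTABLE = ("box", "attack", ("dia", "detect", ("tt",)))


def pareto_front(items, objectives):
    """Keep the items no other item dominates (every objective is minimised)."""
    def dominates(a, b):
        va, vb = objectives(a), objectives(b)
        return all(x <= y for x, y in zip(va, vb)) and any(x < y for x, y in zip(va, vb))
    return [b for b in items if not any(dominates(a, b) for a in items if a is not b)]


POLICIES = [  # constructed candidates
    Policy("none", Fraction(0), Fraction(0)),
    Policy("monitor", Fraction(2), Fraction(3, 5)),
    Policy("monitor+mfa", Fraction(5), Fraction(9, 10)),
    Policy("gold-plated", Fraction(9), Fraction(9, 10)),
]


def evaluate(policies=POLICIES, horizon=3):
    """Per policy: whether DETECTABLE holds, expected utility, residual risk, cost."""
    out = {}
    for p in policies:
        lts = build(p)
        out[p.name] = {"detectable": sat(lts, "secure", DETECTABLE),
                       "eu": expected_utility(lts, "secure", horizon),
                       "risk": P_ATTACK * (1 - p.p_detect), "cost": p.cost}
    return out


def admissible_front(policies=POLICIES):
    """Names of policies that satisfy DETECTABLE and are Pareto-optimal in (risk, cost)."""
    ok = [p for p in policies if sat(build(p), "secure", DETECTABLE)]
    return [p.name for p in pareto_front(ok, lambda p: (P_ATTACK * (1 - p.p_detect), p.cost))]


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:12} detectable={r['detectable']!s:5} EU={float(r['eu']):7.2f} "
              f"risk={float(r['risk']):.2f} cost={r['cost']}")
    print("admissible Pareto front:", admissible_front())
```

Two things the toy makes visible that the prose does not. First, the logical and the economic judgements can disagree: over a three-step horizon "monitor" has the best expected utility, but "none" beats the heavier "monitor+mfa" on utility while failing the HML requirement that every attack be detectable, so a purely utility-maximising choice and a purely logical one pick different policies, and a decision-maker needs both readings on the table. Second, Pareto filtering on (residual risk, cost) discards "gold-plated" outright because "monitor+mfa" achieves the same detection rate more cheaply, which is the kind of dominated option that competing stakeholder concerns tend to hide.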
Planned Impact
Our work will have impact throughout industry, wherever security
concerns arise. Our methodology will be of interest and use to any
managers, consultants and security engineers with responsibility for
delivering the security of complex systems, and to policy makers and
industry leaders who must ensure the sustainability and resilience of
information ecosystems.
Initial impact will be with our project partners, Hewlett-Packard and
National Grid. Working closely with them, we will apply the
methodology, as we develop it, to problems of specific interest to
them. In both cases, the focus will be on organizational level policy
and structure, with the emphasis for HP being on
business-technology ecosystems and the emphasis for National Grid
on critical infrastructure.
At the policy level, our methodology will be able to inform
policy-makers at all levels, from lowest level rules for configuration
of devices and systems, through a middle level of security management
in organizations, to the highest level of national and supra-national
laws, regulations, agreements, understandings and
interactions. Because the mathematics we propose to develop can be
instantiated to model systems and policies at any level of
abstraction, it will be of interest and use for policy analysis and
decision-making at all levels.
Publications
Anderson G (2016) Decision and Game Theory for Security
Anderson G (2016) A calculus and logic of bunched resources and processes, in Theoretical Computer Science
Anderson G (2017) A substructural modal logic of utility, in Journal of Logic and Computation
Caulfield T (2016) Decision and Game Theory for Security
Caulfield T (2015) Improving Security Policy Decisions with Models, in IEEE Security & Privacy
Caulfield T (2014) Compositional Security Modelling: Structure, Economics, and Behaviour
Collinson M (2019) A logic of hypothetical conjunction, in Journal of Logic and Computation
Collinson M (2014) A substructural logic for layered graphs, in Journal of Logic and Computation
Collinson M (2017) Layered graph logic as an assertion language for access control policy models, in Journal of Logic and Computation
Description | The purpose of this project is to understand how a mathematical theory of processes, which explains how complex actions are built up from simpler actions, can be integrated with utility theory --- that part of economics that studies the values of the outcomes of actions --- and used to understand how systems and their security policies interact. |
Exploitation Route | To support decision-support tools for systems security designers and managers. |
Sectors | Digital/Communication/Information Technologies (including Software) Energy Financial Services and Management Consultancy Security and Diplomacy |
Description | The research carried out in this project led to several papers in major journals --- Journal of Logic and Computation, Theoretical Computer Science, Logic, Language, and Information --- as well as conference venues such as TARK and GameSec. The research has influenced several PhD theses that are now completed or nearing completion: one in security forensics methodology, one in security modelling (co-design) methodology, and one in security economics for cyberinsurance. It is expected also to influence a thesis on privacy economics. The project had some small influence on National Grid's 'policy domains' security architecture (though this line of research ended when key personnel moved on to new positions). The results of the project had some formative influence on the 'Interface Reasoning for Interacting Systems (IRIS)' programme grant funded by EPSRC. Currently, it is expected that the work carried out in the project will have some influence on a substantial article on modelling for policy in distributed systems that is to be submitted to the journal Philosophy & Technology. This current work is likely to adumbrate a new grant proposal. Two post-doctoral, early-career researchers who were employed by the project have gone on to substantive careers: one as a faculty member at a UK university and one at Google. |
First Year Of Impact | 2016 |
Sector | Digital/Communication/Information Technologies (including Software),Energy,Security and Diplomacy |
Impact Types | Societal, Policy & public services |
Title | julia systems modelling package |
Description | Packages for the julia (www.julialang.org) modelling language that capture our systems and security modelling approach. Presentation in progress. |
Type Of Material | Improvements to research infrastructure |
Year Produced | 2016 |
Provided To Others? | Yes |
Impact | Presentations at the UK Research Institute in the Science of Cybersecurity (RISCS) first-phase final meeting. http://www.riscs.org.uk/?page_id=15 |
URL | https://github.com/tristanc/SysModels |
Description | National Grid Cyber-security Research |
Organisation | National Grid UK |
Country | United Kingdom |
Sector | Private |
PI Contribution | Research collaboration: Pym is Director of Cyber-security Research at National Grid |
Collaborator Contribution | Research collaboration |
Impact | Multi-disciplinary. Colleagues from the Universities of Aberdeen and Durham also involved. Various outputs: EC 'Seconomics' Project deliverables; presentations to National Grid management and security staff. |
Start Year | 2013 |
Description | D. Pym has served as a member of the Home Office Working Group on the Costs of Cybercrime |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Expert panel advising the Home Office. |
Year(s) Of Engagement Activity | 2014,2015,2016 |