Proactive enforcement of provisions and obligations

Abstract

We present an approach to the proactive enforcement of provisions and obligations, suitable for building policy enforcement mechanisms that both prevent and cause system actions. Our approach encompasses abstract requirements for proactive policy enforcement, a system model describing how enforcement mechanisms interact with and control target systems, and concrete policy languages and associated enforcement mechanisms. As examples of policy languages, we consider finite automata and timed dynamic condition response (DCR) graphs. We use finite automata to illustrate the basic principles and DCR graphs to show how these principles can be adapted to a practical, real-time policy language. In both cases, we show how to algorithmically determine whether a given policy is enforceable and, when this is the case, construct an associated enforcement mechanism. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system’s existing functionality to avert policy violations proactively, rather than compensate for them reactively; and (2) rather than requiring the manual specification of remedial actions in the policy, we deduce required actions directly from the policy.