A calculus for composite authorities´ policy derivation in shared domains of pervasive computing environments

The decentralized security management in a pervasive computing environment, requires apportioning the environment into several security domains. In each security domain, an administrator (we call it authority) is responsible for specifying the security policies of the domain. Overlapping of security domains results in the requirement of cooperative security management in the shared/ overlapping domains. To satisfy this requirement, we propose an abstract security model, as well as its supplementary calculus of composite authorities. The security model is based on deontic logic and is independent of the domains´ heterogeneity. The model´s policy language (we call it MASL) enables multiple authorities to specify their domain policies, including obligations and authorizations. Our proposed calculus of composite authorities, enables the security system to infer policy statements of composite authorities from the cooperating primitive authorities. The calculus offers three styles of cooperative administration including collaborative, disjunctive, and delegative administration. Abstraction and automated composite authorities´ policy derivation are the main advantages of the proposed logical model.