Cooperative security administration in multi-security-domain environments using a variant of deontic logic

The decentralized approach to security administration in new computing environments(e.g., pervasive computing and mobile environments) is based on apportioning the environment intomultiple security domains. the security policies of each security domain are specified by an authorityand enforced by a security agent. the requirements of cooperative administration in such multi-security-domain (msd) environments, for shared or subdomains, induced us to propose an msd cooperationframework within a logical security policy language (called masl) in this paper. masl is a variation ofdeontic logic that enables multiple authorities to specify their domain policies, including obligations andauthorizations. the proposed supplement to masl, as a calculus of cooperative administration, enablesthe security agents to infer applicable policy rules of cooperative domains from the policy rules of theparticipating domains. the calculus offers three styles of cooperative administration, namely collaborative,disjunctive, and delegative. the syntax, semantics, proof theory, soundness and completeness proofs of thecore masl and its supplement are formally presented in this paper. the main advantages of the proposedlogical approach in cooperative administration of msd environments are its abstraction, expressiveness,scalability, and applicability, and automated inference of the cooperative domains' policies.