Rule languages have been used to specify security and management policies, such as access control and authorization policies, and network management policies. While these rule languages aim to simplify the specification and management of complex policies, large rule sets often contain subtle interactions, making them difficult to understand and reason about.
This project focuses on developing the Deductive Spread Sheet (DSS) paradigm, which uses the familiar spreadsheet-like interface for specifying rules. DSS brings to symbolic and rule-based computation what traditional spreadsheets bring to numeric computation. Specifically, deductive spreadsheets will allow users to directly see the effect of the rules, and see the changes to the results when the rules and/or the base data is changed. The feasibility of DSS has been shown via a prototype that has been used to describe the propagation of vulnerabilities in a network. This project significantly expands the scope of DSS to a broad range of security-related policy specification and analysis problems. The project addresses fundamental questions in the development of the DSS language including its semantics, algorithms for its incremental evaluation, and techniques for explaining the results of deduction. Research done in this project will result in DSS-based tools for security policies and trust management policies. The project will promote the use of such tools by integrating them into undergraduate and graduate courses. The project contributes to research and education in security policy languages, logic and constraint programming, semantics, explanations of rule-based computation and interfaces for visualizing them.
