Michael McDougal
Modeling and Analyzing Integrated Policies

Smart card technology has advanced to the point where computerized cards the size of credit cards can hold multiple interacting programs. These multi-applet cards are beginning to be exploited by business and government in security, transport and financial applications. We conduct a thorough analysis of a programmable payment card application: a smart card for making purchases which can be customized to allow or reject purchases based on various policies that are installed by users. We describe a framework for specifying, merging and analyzing modular policies. We present policy automata, a formal model of computations that grant or deny access to a resource. This model combines state machines with a voting system whereby the vote of each state machine is consolidated and resolved into a decision to accept or reject. We use defeasible logic as the primary mechanism for describing and resolving votes. This formal model effectively represents complex policies as combinations of simpler modular policies. We present Polaris, a tool which analyzes policy automata to reveal potential conflicts and compiles automata into an executable form when combined with our on-card policy manager. We show the effectiveness of our model in a case-study where actual University of Pennsylvania purchasing policies are encoded as policy automata. We demonstrate the feasibility of our framework with experiments that show that our implementation can convert formal policy automata to executable Java Card applets whose performance meets the requirements for retail credit card transactions.

(pdf, BiBTeX)