Conflict detection in obligation with deadline policies

Many papers have already provided models to formally specify security policies. In this paper, security policies are modeled using deontic concepts of permission and obligation. Permission rules are used to specify access control policies, while obligation rules are useful to specify other security requirements corresponding to usage control policies as the availability of information in its allotted time. However, when both permission and obligation concepts are used to express security policies, several different types of conflict can be raised and should be detected and managed. We are interested in this work in managing conflicts between obligations with deadlines and permissions. Thus, we first begin by formally defining the conflicting situations using the situation calculus. Afterwards, we provide an algorithm for searching a plan of actions, when it exists, which fulfills all the active obligations in a given situation in their deadlines with respect to the permission rules. The length of the plan is set in advance and can be calculated in the case where the sets of actions and fluents are finite to ensure the decidability of the solution search. Furthermore, in the plan search, the choice of the execution time of the elected actions obeys to equations and inequalities which need to be solved. For this purpose, we need a component allowing these equations and inequalities resolution. To illustrate our approach, we take an example inspired from existing laws in hospitals regulating deadlines for completion of patient medical records. The example is formally specified in our language and implemented in ECRC Common Logic Programming System ECLIPSE 3.5.2, which is equipped with Simplex algorithm for solving linear equations and inequalities over the reals. In the implementation, we show how the plan search can be optimized through the use of some heuristics and make some evaluation tests.