Information Technology Reference
In-Depth Information
Input:
∆
-setofrules.
S
M
- set of minimal goal states,
S
M
⊆ S
G
.
Output:
∆
- set of noninterfering rules.
Algorithm:
computeNRS(∆, S
M
)
P
=
Q
=
R
=
∅
for
each
δ
(
A, B, C, D
)
∈ ∆
do
P
=
P ∪ A
Q
=
Q ∪ B
for
each
s
m
∈ S
M
do
R
=
R ∪ s
m
∆
=
∅
for
each
δ
(
A, B, C, D
)
∈ ∆
do
if
C ∩ Q
=
∅
and
D ∩ P
=
∅
and (
D ∩ R
=
∅
)
then
∆
=
∆
∪{δ}
return
∆
Fig. 2.
Computing the noninterfering rule subset of a ruleset
Input:
seq
- a reverse attack path,
seq ∈ S
∗
.
∆
- set of noninterfering rules.
Output:
A maximal state transition sequence
Algorithm:
findMaximal(seq, ∆)
s
=
head
(
seq
)
if
A ⊆ s
and
B ∩ s
=
∅
for some rule
δ
(
A, B, C, D
)
∈ ∆
then
s
=((
s ∪ C
)
− D
)
return
findMaximal
(
s
.seq
,
∆ −{δ}
)
else
return
seq
Fig. 3.
Computing a maximal state transition sequence using a noninterfering ruleset
3.1 Monotonicity
A ruleset
∆
is called
monotonic
if for all rules
δ
(
A, B, C, D
)
∈
∆
,
B
and
D
are empty. Clearly, if
T
=(
A,∆,s
0
,S
G
)isa
state transition rule-system
with
monotonic ruleset
∆
, then all rules in
∆
are noninterfering rules in
T
. Hence,
from Propositions 3 and 4, monotonic rules may be applied in any order and
findMaximal
yields a successful attack path if one exists.
4 Nonmonotonic Rules
We now consider transition rules
δ
(
A, B, C, D
)where
A, B, C, D
can be arbitrary
sets of attributes. Such rules (called
nonmonotonic rules
) can represent actions