Information Technology Reference
In-Depth Information
Definition 7.
The three necessary facts in a security event description
to-
gether with their intended meanings are as follows:
-
happens
(
e
i
,t
j
)=
true
iff the event identified by
e
i
∈E
happens at time
.
-
act
(
e
i
,a
l
)=
true
iff the event identified by
e
i
∈E
relates to an action
a
l
∈A
.
-
t
j
∈T
user
(
e
i
,u
m
)=
true
iff the event identified by
e
i
∈E
relates to the agent
.
Example 1.
Consider the security event description
u
m
∈U
=
{
happens
(
e
1
,
12
/
12
/
2002)
←
;
user
(
e
1
, bob
)
←
;
act
(
e
1
, depositing
)
←
;
object
(
e
1
,a
1
)
←
;
amount
(
e
1
,
1000)
←}
.
The set of facts in
describes an event
e
1
that happens on 12
/
12
/
2002 and
involves the agent
Bob
depositing an amount of 1000 Euros into an object (a
bank account) denoted by
a
1
.
To define
sla
we need a 1-place predicate
current time
(
T
) with a fixed in-
terpretation that may described thus:
current time
(
T
)=
true,
if
T
=
now,
false,
otherwise
.
Definition 8.
The definition of
sla
is represented thus:
sla
(
U, L
)
←
current time
(
T
)
, agent
(
E
1
,U
)
, happens
(
E
1
,T
1)
,
T
1
T, started sla
(
E
1
,U,L
)
,
agent
(
E
2
,U
)
, happens
(
E
2
,T
2)
,T
2
≤
≤
T,
not ended sla
(
E
2
,U,L
)
,T
1
≤
T
2
.
Informally, the definition of
sla
specifies that a requester agent
U
is assigned
to the status level
L
at the time
T
=
now
if an event
E
1 happens at a time
T
1
that is earlier than or the same time as
T
and the occurrence of
E
1 causes
U
to be assigned to
L
and there is no event
E
2 that happens at a time
T
2 that
is subsequent to
T
1, but before
T
, such that the occurrence of
E
2 causes
U
's
assignment to
L
to be terminated.
Definition 9.
The auxiliary
started sla
predicate in
sla
is defined thus:
started sla
(
E
1
,U,L
)
←
act
U
(
E
1
,A
)
,ECL
I
(
E
1
,U,L
)
.
Informally, the definition of
started sla
specifies that if the event
E
1 involves
an act
A
that causes user
U
's status to be upgraded and the conditions expressed
on
U
's assignment to
L
as a consequence of
E
1 happening are satisfied then
U
's
assignment to
L
is started by
E
1.
Definition 10.
The auxiliary
ended sla
predicate in
sla
is defined thus:
ended sla
(
E
2
,U,L
)
←
act
D
(
E
2
,A
)
,ECL
T
(
E
2
,U,L
)
.
