Research Perspectives - Tools for Visualisation of Portfolios

EPSRC Database


Source RCUK EPSRC Data

EP/K033042/1 - Algebra and Logic for Policy and Utility in Information Security


Professor D Pym

Principal Investigator - Computing Science, University of Aberdeen

Other Investigators

Dr MJ Collinson, Co Investigator

Professor J Swierzbinski, Co Investigator

Scheme

Standard Research

Research Areas

Maths of Computing

Theory of Computation

Mathematical Aspects of Operational Research

Related Grants

EP/K033247/1

Start Date

10/2013

End Date

09/2017

Value

£441,734


Grant Description

Summary and Description of the grant

Managers, consultants, and security engineers have responsibility for delivering the security of possibly large, complex systems. Policy-makers and industry/business leaders, on the other hand, have responsibility for ensuring the overall sustainability and resilience of information ecosystems that deliver services, including those in commercial, governmental, intelligence, military, and scientific worlds. Despite these differences in focus and scope, both groups must make security policy design decisions that combine a wide range of competing, often contradictory concerns.

Considering this range of stakeholders, we are motivated by the following closely related questions:

For a given system, with a given set of stakeholders operating in given business and threat environments, how do we determine what is an appropriate (i.e., effective, affordable) security policy? What attributes should be protected, to what extent, in what circumstances? What impact on business operations is acceptable, and at what financial cost?

Such an analysis will, if it is to be achievable and robust, be dependent on the provision of rigorous economic and mathematical models of systems and their operations. How are we to express and reason about policies so that their effectiveness against the desired security outcomes and their impact upon the stakeholders and business operations can be understood?

Our hypothesis, supported both by extensive background work and experience in an industrial setting and by extensive background mathematical work, is that a marriage of the modelling techniques of logic with those of mathematical economics will provide an appropriate framework. We aim to establish a mathematical basis for a systems security modelling technology that is able to handle the structural aspects of systems, the stochastic behaviour of their environments and, specifically, a utility-theoretic representation of security policies and their effectiveness.

The development of this theory poses significant challenges. We need to reconstruct utility theory to take advantage of the sophisticated account of actions provided by the mathematical models of processes common in theoretical computer science. Another technique of theoretical computer science, Hennessy-Milner logic, provides a logical characterization of process behaviour; this will need to be enhanced to enable specification of properties involving utility- and game-theoretic concepts, such as Pareto optimality and equilibrium properties. The development of this novel mathematics must be driven and guided throughout by the policy decision-making applications, and we must explore how the methodology used in previous work can be extended and generalised to take advantage of this new mathematics.

Structured Data / Microdata


Grant Event Details:
Name: Algebra and Logic for Policy and Utility in Information Security - EP/K033042/1
Start Date: 2013-10-01T00:00:00+02:00
End Date: 2017-09-30T00:00:00+02:00

Organization: University of Aberdeen
