Preventing Theft By Keeping Good Company

1
Preventing TheftByKeeping Good Company
Naftaly Minsky Rutgers University
2
Outline

• A real life example the theft of theater seats.
• Parental advice about avoiding theft.
• How to realize the parental adviceover the
  internet.

3
Theft of Theater Seatsan Example

• Suppose that a theater issues only one ticket for
  every seat, at any given performance and that no
  one is admitted without a ticket.
• A theater-ticket is transferable right to occupy
  a specified seat at a given performance, and may
  change many hand before it is purchased by one
  who attempts to use it.
• But tickets can be forged, so one might find
  his seat occupiedstolen--when coming to the
  theater.
• Question what can one do to avoid such theft?

4
What did our Parents Tell Us?

• Deal only with honest, law-abiding,
  individuals.
• This must mean, in this case, to accept tickets
  from somebody you trust
• not to be a forger
• to follow this parental advicerecursively.
• So, one needs to trust a whole community whose
  membership is unknown to be law-abiding.
• The theater goers constitute such a
  communitymore or less.
• Can such a law-abiding community be realized over
  the internet? This would help prevent some
  thefts, and other mishaps.

5
The Concept of Law-Governed Interaction (LGI)

• LGI is a message exchange mechanism that enables
  a community of distributed agents to interact
  under an explicit and strictly enforced policy,
  called the law of this community.
• Some characteristics of LGI
• Laws are about the interaction between agentsit
  is a generalized access-control mechanism.
• Laws are about local behavior, but they have
  global, communal, implications, because
  everybody in the given community is subject to
  the same law.
• Incremental deployment, and efficient execution
• Enforcement is decentralized---for scalability.
• To be released in May 2005, viahttp//www.cs.rut
  gers.edu/moses/

6
Centralized Enforcement of Communal Laws
The problems potential congestion, and single
point of failure
Replication does not help, if S changes
rapidly enough
7
Distributed Law-Enforcement under LGI
8
The local nature of LGI laws

• Laws are defined locally, at each agent
• They deal explicitly only with local eventssuch
  as the sending or arrival of a message.
• the ruling of a law for an event e at agent x is
  a function of e, and of the local control state
  CSX of x.
• a ruling can mandate only local operations at x.
• This localization does not reduce the expressive
  power of LGI laws,
• and it provides scalability for many (not all)
  laws.

9
On the basis for trust between members of a
community

• For a member of an L-community to trust its
  interlocutors to comply with the same law, one
  needs to ensure
• that the exchange of L-messages is mediated by
  correctly implemented controllers .
• that interacting controllers operate under the
  same law L.
• Such assurances are provided, basically, via
  certification of controllers, and the exchange of
  the hash of the law.

10
Deployment of LGIVia Distributed TCB (DTCB)
11
A Law-Abiding Community of Theater-Goers
T
T
T
T
Theater
T
T
12
A Qualification about enforcement

• It is not possible to compel anybody to operate
  under any particular law, or to use LGI, for that
  matter.
• Yet, an agent may be effectively compelled to
  exchange L-messages, if it needs services
  provided only under this law.
• In our case, for example, if the theater admits
  only via L-message then theater goers, would have
  to use L-message to get tickets, and so would
  street vendors, if they want their tickets to
  be purchased.

13
The Theater Law(Written in prolog)

• R1. certified(issu(CA),subj(X),
  attr(role(theater))) -
  do(role(theater))).
• R2. sent(H,releaseTicket(t(H,P)),Y)-
  role(theater)_at_CS, do(forward).
• R3. arrived(H,releaseTicket(t(H,P)),Y)
  - do(t(H,P)), do(deliver).
• R4. sent(X,transfer(t(H,P)),Y) -
  t(H,P)_at_CS, do(-t(H,P)), do(forward).
• R5. arrived(X,transfer(t(H,P)),Y) -
  do(t(H,P)), do(deliver).
• R6. sent(X,enter(t(H,P)),H) - t(H,P)_at_CS,
  do(-t(H,P)), do(forward).
• R7. arrived(X,enter(t(H,P)),H) - do(deliver).

14
Questions?
15
The Theater Law (part 1)

• R1. certified(issu(CA),subj(X),
  attr(role(theater))) -
  do(role(theater))).
• An agent may claim the role of a theater by
  presenting an apptopriate certificate issued by
  cityHall.
• R2. sent(H,releaseTicket(t(H,P)),Y)-
  role(theater)_at_CS, do(forward).
• Only a theater can realse tickets, and only its
  own.
• R3. arrived(H,releaseTicket(t(H,P)),Y)
  - do(t(H,P)), do(deliver).
• An arriving ticket is maintained in the CS of the
  receiver.

16
The Theater Law (part 2)

• R4. sent(X,transfer(t(H,P)),Y) -
  t(H,P)_at_CS, do(-t(H,P)), do(forward).
• Transferring a ticket to somebody else.
• R5. arrived(X,transfer(t(H,P)),Y) -
  do(t(H,P)), do(deliver).
• Receiving a transferred ticket.
• R6. sent(X,enter(t(H,P)),H) - t(H,P)_at_CS,
  do(-t(H,P)), do(forward).
• Entering a theater, with a valid ticket
• R7. arrived(X,enter(t(H,P)),H) - do(deliver).