Journal of Automated Reasoning, Volume 46, Issue 3–4, pp 389–421

Collaborative Planning with Confidentiality

  • Max Kanovich
  • Paul Rowe
  • Andre Scedrov


Collaboration among organizations or individuals is common. While these participants are often unwilling to share all their information with each other, some information sharing is unavoidable when achieving a common goal. The need to share information and the desire to keep it confidential are two competing notions which affect the outcome of a collaboration. This paper proposes a formal model of collaboration which addresses confidentiality concerns. We draw on the notion of a plan which originates in the AI literature. We use data confidentiality policies to assess confidentiality in transition systems whose actions have an equal number of predicates in their pre- and post-conditions. Under two natural notions of policy compliance, we show that it is PSPACE-complete to schedule a plan leading from a given initial state to a desired goal state while simultaneously deciding compliance with respect to the agents’ policies.
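As an added illustration (not code from the paper), the following planner works over the kind of system the abstract describes: states are multisets of facts, every action is balanced (as many facts in its post-condition as in its pre-condition, so the state size never grows and the reachable space is finite), and a plan is only accepted if every state it passes through satisfies the agents' confidentiality policies. The scenario, the agent and fact names, and the reading of compliance as "no agent's forbidden pattern ever appears in a traversed state" are constructed assumptions.

```python
from collections import Counter, deque

# Constructed example, not the paper's code: a planner for a balanced transition
# system whose plans must stay compliant with data-confidentiality policies.
# Balanced actions keep the state size fixed, so the reachable space is finite.

def key(state):
    """Canonical hashable form of a multiset of facts."""
    return tuple(sorted(Counter(state).elements()))

def contains(state, facts):
    """True if `facts` is a sub-multiset of `state`."""
    return not (Counter(facts) - Counter(state))

def fire(state, pre, post):
    assert len(pre) == len(post), "actions must be balanced"   # model requirement
    return key((Counter(state) - Counter(pre) + Counter(post)).elements())

def compliant(state, policies):
    """Assumed reading of compliance: no agent's forbidden pattern is present."""
    return not any(contains(state, bad) for bad in policies)

def plan(initial, actions, goal, policies):
    """BFS for a shortest plan reaching `goal` through compliant states only."""
    start = key(initial)
    if not compliant(start, policies):
        return None
    seen, queue = {start: None}, deque([start])
    while queue:
        s = queue.popleft()
        if contains(s, goal):                      # goal facts must be present
            steps = []
            while seen[s]:                         # walk parents back to the start
                s, name = seen[s]; steps.append(name)
            return steps[::-1]
        for name, pre, post in actions:
            if contains(s, pre):
                t = fire(s, pre, post)
                if t not in seen and compliant(t, policies):
                    seen[t] = (s, name); queue.append(t)
    return None

# Constructed scenario: Alice (A) drafts a report Bob (B) finalises; Alice's policy forbids Bob holding her secret.
INITIAL = ["A:draft", "A:secret", "B:idle"]
ACTIONS = [
    ("send_draft",   ["A:draft", "B:idle"],  ["A:sent", "B:draft"]),
    ("share_secret", ["A:secret", "B:idle"], ["A:secret", "B:secret"]),
    ("write_report", ["B:draft"],            ["B:report"]),
]
ALICE_POLICY = [["B:secret"]]
```

With Alice's policy in force, `plan(INITIAL, ACTIONS, ["B:report"], ALICE_POLICY)` returns the compliant route through `send_draft` and `write_report`, while a goal that can only be reached by disclosing the secret yields no plan at all.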


Keywords: Collaborative planning; Confidentiality; AI literature; Policy compliance




Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  1. Queen Mary University of London, London, UK
  2. The MITRE Corporation, Bedford, USA
  3. University of Pennsylvania, Philadelphia, USA
