Using Time Loops to Learn Security Policies

A security policy is a function that can be applied to each state transition in a finite state machine to partition all states into authorized or unauthorized states. A secure system is one in which the state machine is always in authorized states. Thus the specification of a security policy is essential to the definition of security. This proposal describes the Time Loop method to automatically learn a security policy without specification. The Time Loop model can be applied to a wide variety of computer systems from simple CPSs to data center computers, and even to networks of computers. The proposal will examine the feasibility of the Time Loop Model. If successful this approach will allow legacy DoD systems to be strengthened and new systems to be developed faster.