A security model for personal information security management based on partial approximative set theory

Nowadays, computer users especially run their applications in a complex open computing environment which permanently changes in the running time. To describe the behavior of such systems, we focus solely on externally observable execution traces generated by the observed computing system. In these extreme circumstances the pattern of sequences of primitive actions (execution traces) which is observed by an external observer cannot be designed and/or forecast in advance. We have also taken into account in our framework that security policies are partial-natured. To manage the outlined problem we need tools which are approximately able to discover secure or insecure patterns in execution traces based on presupposes of computer users. Rough set theory may be such a tool. According to it, the vagueness of a subset of a finite universe U is defined by the difference of its lower and upper approximations with respect to a partition of the universe U. Using partitions, however, is a very strict requirement. In this paper, our starting point will be an arbitrary family of subsets of U. Neither that this family of sets covers the universe nor that the universe is finite will be assumed. This new approach is called the partial approximative set theory. We will apply it to build up a new security model for distributed software systems solely focusing on their externally observable executions and to find out whether the observed system is secure or not.