ABSTRACT
Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the availability of services in many applications often further imposes obligation requirements, which specify what actions have to be taken by a subject in the future as a condition of getting certain privileges at present. However, it is not clear yet what the implications of obligation policies are concerning the security goals of a system. In this paper, we propose a formal metamodel that captures the key aspects of a system that are relevant to obligation management. We formally investigate the interpretation of security policies from the perspective of obligations, and define secure system states based on the concept of accountability. We also study the complexity of checking a state's accountability under different assumptions about a system.
Index Terms
- On the modeling and analysis of obligations