ABSTRACT
User obligations are actions that human users are required to perform at some future time. They are common in many practical access control and privacy policies, and they can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform, which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all obligatory actions be authorized when they are attempted. Although existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes the simplifying assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption that reduces the expressive power of past models, which therefore cannot support many obligation scenarios found in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. For several special yet practical cases of cascading obligations (e.g., repetitive, finite cascading), we provide a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.
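An added illustration, not taken from the paper: a toy model in which each action requires one role, may grant or revoke roles, and may incur further obligations, with every obligation attempted at one fixed time. The role-based state, all names and the fixed-time simplification are assumptions made here; the check simulates a single finite cascade and is not the paper's decision procedure for strong accountability.

```python
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    needs: str            # role the actor must hold when the action is attempted
    grants: tuple = ()    # (user, role) pairs added to the authorization state
    revokes: tuple = ()   # (user, role) pairs removed from it
    incurs: tuple = ()    # (user, action, delay): obligations created by performing it

def check_schedule(actions, state, pending, max_steps=1000):
    """Simulate obligations in time order.

    Returns (True, None) if every obligatory action is authorized when it is
    attempted, else (False, (time, user, action)) for the first one that is not.
    """
    state, queue, steps = set(state), list(pending), 0
    heapq.heapify(queue)
    while queue:
        steps += 1
        if steps > max_steps:   # toy bound; a repetitive cascade never drains
            raise RuntimeError("cascade exceeded max_steps")
        t, user, name = heapq.heappop(queue)
        act = actions[name]
        if (user, act.needs) not in state:
            return False, (t, user, name)
        state |= set(act.grants)
        state -= set(act.revokes)
        for u, a, delay in act.incurs:   # cascading: performing one obligation creates another
            heapq.heappush(queue, (t + delay, u, a))
    return True, None

# Constructed sample policy and state (hypothetical users, roles and actions).
ACTIONS = {
    "assign_review": Action(needs="manager", grants=(("bob", "reviewer"),),
                            incurs=(("bob", "submit_review", 2),)),
    "submit_review": Action(needs="reviewer"),
    "end_rotation": Action(needs="manager", revokes=(("bob", "reviewer"),)),
}
STATE = {("alice", "manager"), ("carol", "manager")}

def demo():
    ok = check_schedule(ACTIONS, STATE, [(1, "alice", "assign_review")])
    bad = check_schedule(ACTIONS, STATE, [(1, "alice", "assign_review"),
                                          (2, "carol", "end_rotation")])
    return ok, bad

if __name__ == "__main__":
    print(demo())
```

In the second schedule the obligation that fails is one nobody scheduled directly: it was incurred by `assign_review` and then stranded when `end_rotation` changed the authorization state.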