The specification of abstract security policies that apply to system entities (such as subjects and objects) indirectly, through group relations (such as roles or domains), has been shown to simplify policy specification, interpretation and analysis. In this paper, we show how the abstraction of subjects, actions and objects in obligation policies using group relations can enhance the expressiveness of obligation policy languages. More precisely, we introduce the notion of group contexts, through which the policy designer can choose different interpretations for group relations in obligation security rules. This enables him or her to specify obligations representing shared responsibilities, such as "All patients must be checked by a doctor", or obligations expressing sets of alternative actions, such as "Every customer should pay either in cash or by check". The management and monitoring requirements of such obligations, called group obligations, are studied and formalized.