On the relationship between permission and obligation
ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
Symbolic model checking: 1020 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Ensuring integrity by adding obligations to privileges
ICSE '85 Proceedings of the 8th international conference on Software engineering
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy and Contextual Integrity: Framework and Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
IJCAI'83 Proceedings of the Eighth international joint conference on Artificial intelligence - Volume 1
A data sharing agreement framework
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
On practical specification and enforcement of obligations
Proceedings of the second ACM conference on Data and Application Security and Privacy
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
On XACML's adequacy to specify and to enforce HIPAA
HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
| Hi-index | 0.00 |
Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.