Formalization and management of group obligations

Authors:
Yehia El Rakaiby;Frédéric Cuppens;Nora Cuppens-Boulahia
Affiliations:
TELECOM Institute, TELECOM-Bretagne, Cesson Sévigné, France;TELECOM Institute, TELECOM-Bretagne, Cesson Sévigné, France;TELECOM Institute, TELECOM-Bretagne, Cesson Sévigné, France
Venue:
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Year:
2009

Citing 13
Cited 0

A policy description language

AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Conflicts in Policy-Based Distributed Systems Management

IEEE Transactions on Software Engineering
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Formal Characterizations of Active Databases: Part II

DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
Formal Characterization of Active Databases

LID '96 Proceedings of the International Workshop on Logic in Databases
A Policy Language for a Pervasive Computing Environment

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Monitoring in Policy Management

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
On the role of roles: from role-based to role-sensitive access control

Proceedings of the ninth ACM symposium on Access control models and technologies
Nomad: A Security Model with Non Atomic Actions and Deadlines

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Modeling contextual security policies

International Journal of Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The specification of abstract security policies which indirectly apply to system entities (like subjects and objects) through group relations (like roles or domains) bas been shown to simplify policy specification, interpretation and analysis. In this paper, we show how the abstraction of subjects, actions and objects in obligation policies using group relations can enhance the expressiveness of obligation policy languages. More precisely, we introduce the notion of group contexts through which the policy designer can choose different interpretations for group relations in obligation security rules enabling him or her to specify obligations representing shared responsibilities such as "All patients must be checked by a doctor" or obligations expressing sets of alternative actions such as "Every customer should pay either in cash or by check". Management and monitoring requirements of such obligations called group obligations are studied and formalized.