AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Formal Characterizations of Active Databases: Part II
DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
Formal Characterization of Active Databases
LID '96 Proceedings of the International Workshop on Logic in Databases
A Policy Language for a Pervasive Computing Environment
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
On the role of roles: from role-based to role-sensitive access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Nomad: A Security Model with Non Atomic Actions and Deadlines
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Modeling contextual security policies
International Journal of Information Security
Hi-index | 0.00 |
The specification of abstract security policies which indirectly apply to system entities (like subjects and objects) through group relations (like roles or domains) bas been shown to simplify policy specification, interpretation and analysis. In this paper, we show how the abstraction of subjects, actions and objects in obligation policies using group relations can enhance the expressiveness of obligation policy languages. More precisely, we introduce the notion of group contexts through which the policy designer can choose different interpretations for group relations in obligation security rules enabling him or her to specify obligations representing shared responsibilities such as "All patients must be checked by a doctor" or obligations expressing sets of alternative actions such as "Every customer should pay either in cash or by check". Management and monitoring requirements of such obligations called group obligations are studied and formalized.