ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Protection in operating systems
Communications of the ACM
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Proceedings of the 2004 ACM symposium on Applied computing
Facilitating cross-organisational workflows with a workflow view approach
Data & Knowledge Engineering - Special issue: Contract-driven coordination and collaboration in the internet context
XacT: a bridge between resource management and access control in multi-layered applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
A framework for evidence lifecycle management
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
In [Schaad and Moffett, 2002] we have presented our initial investigations into the delegation of obligations and the concept of review as one kind of organisational principle to control such delegation activities. This initial work led us to a more detailed and refined analysis of organisational controls [Schaad, 2003], [Schaad and Moffett, 2004] with a particular emphasis on the notion of general and specific obligations [Schaad, 2004]. In particular, this distinction allowed us to formally capture how a principal may be related to an obligation; how obligations relate to roles; and how the delegation of specific and general obligations may be controlled through the concepts of review and supervision. This paper complements the delegation of obligation and authorisation policy objects by discussing their revocation, based on the revocation schemes suggested in [Hagstrom et al., 2001]. In particular, we will investigate how delegated general and specific obligations can be revoked and what effect the presence of roles has on the revocation process. We use the Alloy language and its automated analysis facilities [Jackson, 2001] to formally support our discussion.