Advances in Petri nets 1986, part II on Petri nets: applications and relationships to other models of concurrency
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Logics for specifying concurrent information systems
Logics for databases and information systems
An authorization model for temporal data
Proceedings of the 7th ACM conference on Computer and communications security
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
The Temporal Semantics of Concurrent Programs
Proceedings of the International Sympoisum on Semantics of Concurrent Computation
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
A model-based approach to integrating security policies for embedded devices
Proceedings of the 4th ACM international conference on Embedded software
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Metareasoning about Security Protocols using Distributed Temporal Logic
Electronic Notes in Theoretical Computer Science (ENTCS)
Communications of the ACM - Privacy and security in highly dynamic systems
Usage control platformization via trustworthy SELinux
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Towards the development of privacy-aware systems
Information and Software Technology
Relationship Based Privacy Management for Ubiquitous Society
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part I
Policy Evolution in Distributed Usage Control
Electronic Notes in Theoretical Computer Science (ENTCS)
On observable delegation of personal data by watermarking
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Monitoring security policies with metric first-order temporal logic
Proceedings of the 15th ACM symposium on Access control models and technologies
A dynamic privacy model for web services
Computer Standards & Interfaces
A purpose-based privacy-aware system using privacy data graph
Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Towards defining semantic foundations for purpose-based privacy policies
Proceedings of the first ACM conference on Data and application security and privacy
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Controlling access to documents: a formal access control model
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Bringing the user back into control: a new paradigm for usability in highly dynamic systems
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Policy monitoring in first-order temporal logic
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
A systemic approach to automate privacy policy enforcement in enterprises
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
A data sharing agreement framework
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Obligation language and framework to enable privacy-aware SOA
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Usage control in service-oriented architectures
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A privacy framework for the personal web
The Personal Web
Journal of Computer Security - CSF 2010
Formal specification and management of security policies with collective group obligations
Journal of Computer Security
| Hi-index | 0.00 |
Access control is concerned with granting access to sensitive data based on conditions that relate to the past or present, so-called provisions. Expressing requirements from the domain of data protection necessitates extending this notion with conditions that relate to the future. Obligations, in this sense, are concerned with commitments of the involved parties. At the moment of granting access, adherence to these commitments cannot be guaranteed. An example is the requirement “do not re-distribute data”, where the actions of the involved parties may not even be observable. We provide a formal framework that allows us to precisely specify data protection policies. A syntactic classification of formulas gives rise to natural and intuitive formal definitions of provisions and obligations. Based on this classification, we present different mechanisms for checking adherence to agreed upon commitments.