Obligations and their interaction with programs

Authors:
Daniel J. Dougherty;Kathi Fisler;Shriram Krishnamurthi
Affiliations:
Department of Computer Science, WPI;Department of Computer Science, WPI;Computer Science Department, Brown University
Venue:
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Year:
2007

Citing 20
Cited 15

The temporal logic of reactive and concurrent systems

The temporal logic of reactive and concurrent systems
Ensuring integrity by adding obligations to privileges

ICSE '85 Proceedings of the 8th international conference on Software engineering
XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Alloy: a lightweight object modelling notation

ACM Transactions on Software Engineering and Methodology (TOSEM)
An asynchronous rule-based approach for business process automation using obligations

Proceedings of the 2002 ACM SIGPLAN workshop on Rule-based programming
Alternating-time temporal logic

Journal of the ACM (JACM)
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Logics and Models of Real Time: A Survey

Proceedings of the Real-Time: Theory in Practice, REX Workshop
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Obligation Monitoring in Policy Management

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Specification and verification of data-driven web services

PODS '04 Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Privacy and Contextual Integrity: Framework and Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
On the modeling and analysis of obligations

Proceedings of the 13th ACM conference on Computer and communications security
Verifying temporal heap properties specified via evolution logic

ESOP'03 Proceedings of the 12th European conference on Programming
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Revocation of obligation and authorisation policy objects

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
On obligations

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Conflicting obligations in multi-agent deontic logic

DEON'06 Proceedings of the 8th international conference on Deontic Logic and Artificial Normative Systems

An obligation model bridging access control policies and privacy policies

Proceedings of the 13th ACM symposium on Access control models and technologies
Authorization and Obligation Policies in Dynamic Systems

ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Expressive policy analysis with enhanced system dynamicity

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Toward practical authorization-dependent user obligation systems

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Analysis of privacy and security policies

IBM Journal of Research and Development
On the management of user obligations

Proceedings of the 16th ACM symposium on Access control models and technologies
Policy auditing over incomplete logs: theory, implementation and applications

Proceedings of the 18th ACM conference on Computer and communications security
Formal enforcement and management of obligation policies

Data & Knowledge Engineering
Policy monitoring in first-order temporal logic

CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Understanding and protecting privacy: formal semantics and principled audit mechanisms

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Ensuring authorization privileges for cascading user obligations

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
The specification and compilation of obligation policies for program monitoring

Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Privacy promises that can be kept: a policy analysis method with application to the HIPAA privacy rule

Proceedings of the 18th ACM symposium on Access control models and technologies
Required information release

Journal of Computer Security - CSF 2010
Formal specification and management of security policies with collective group obligations

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Obligations are pervasive in modern systems, often linked to access control decisions. We present a very general model of obligations as objects with state, and discuss its interaction with a program's execution. We describe several analyses that the model enables, both static (for verification) and dynamic (for monitoring). This includes a systematic approach to approximating obligations for enforcement. We also discuss some extensions that would enable practical policy notations. Finally, we evaluate the robustness of our model against standard definitions from jurisprudence.