ACM Transactions on Information and System Security (TISSEC)
An extensible software system must protect its resources from being abused by untrusted software extensions. The access control policies of such systems are traditionally enforced by reference monitors. Recent studies of access control policies advocate the use of obligation policies, which impose behavioural constraints on the future actions of the accessor after the access is granted. It is argued that obligation policies provide continuous protection to the system. Not all obligation policies can be enforced by reference monitors. We argue that humans have long recognized the unenforceability of naively formulated obligation policies, and have devised standard policy idioms to cope with the issue. We therefore developed tool support to assist a policy developer in using such policy idioms. First, we designed a policy language to capture the idiomatic elements of obligation policies, in such a way that the elements are modular and composable. Second, we designed a type system for capturing patterns of policy composition that preserve enforceability, such that well-typed policies are enforceable. Third, we designed a compilation algorithm that compiles well-typed policies into reference monitors. Such a framework helps policy developers articulate obligation policies and refine them into enforceable ones.