XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
Formal Characterization of Active Databases
LID '96 Proceedings of the International Workshop on Logic in Databases
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Nomad: A Security Model with Non Atomic Actions and Deadlines
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Modeling contextual security policies
International Journal of Information Security
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Advanced Policy Explanations on the Web
Proceedings of the 2006 conference on ECAI 2006: 17th European Conference on Artificial Intelligence August 29 -- September 1, 2006, Riva del Garda, Italy
The role of abduction in declarative authorization policies
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
Pre-obligations denote actions that may be required before access is granted. The successful fulfillment of pre-obligations leads to the authorization of the requested access. Pre-obligations enable a more flexible enforcement of authorization policies. This paper formalizes interactions between the obligation and authorization policy states when pre-obligations are supported and investigates their use in a practical scenario. The main advantage of the presented approach is that it gives pre-obligations both declarative semantics using predicate logic and operational semantics using Event-Condition-Action ECA rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either 1 statically an access request is denied if the pre-obligation has not been fulfilled; or 2 dynamically users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized.