The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems
Communications of the ACM
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Logical Framework for Reasoning on Data Access Control Policies
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Policy resolution for workflow management systems
HICSS '95 Proceedings of the 28th Hawaii International Conference on System Sciences
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
A Policy Language for a Pervasive Computing Environment
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A security policy model for clinical information systems
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
A Framework for Contractual Resource Sharing in Coalitions
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Avoiding information leakage in security-policy-aware planning
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Analysis of privacy and security policies
IBM Journal of Research and Development
Negotiating and delegating obligations
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
A practical generic privacy language
ICISS'10 Proceedings of the 6th international conference on Information systems security
Towards defining semantic foundations for purpose-based privacy policies
Proceedings of the first ACM conference on Data and application security and privacy
Rumpole: a flexible break-glass access control model
Proceedings of the 16th ACM symposium on Access control models and technologies
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Formal enforcement and management of obligation policies
Data & Knowledge Engineering
On practical specification and enforcement of obligations
Proceedings of the second ACM conference on Data and Application Security and Privacy
A data sharing agreement framework
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Obligation language and framework to enable privacy-aware SOA
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Survey: Usage control in computer security: A survey
Computer Science Review
Risk-Aware role-based access control
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
The specification and compilation of obligation policies for program monitoring
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
When privacy and utility are in harmony: towards better design of presence technologies
Personal and Ubiquitous Computing
Proceeding of the 44th ACM technical symposium on Computer science education
Beyond accountability: using obligations to reduce risk exposure and deter insider attacks
Proceedings of the 18th ACM symposium on Access control models and technologies
Proceedings of the 18th ACM symposium on Access control models and technologies
A real-time semantics for norms with deadlines
Proceedings of the 2013 international conference on Autonomous agents and multi-agent systems
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Journal of Computer Security - CSF 2010
Formal specification and management of security policies with collective group obligations
Journal of Computer Security
| Hi-index | 0.00 |
Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the availability of services in many applications often further imposes obligation requirements, which specify what actions have to be taken by a subject in the future as a condition of getting certain privileges at present. However, it is not clear yet what the implications of obligation policies are concerning the security goals of a system.In this paper, we propose a formal metamodel that captures the key aspects of a system that are relevant to obligation management. We formally investigate the interpretation of security policies from the perspective of obligations, and define secure system states based on the concept of accountability. We also study the complexity of checking a state's accountability under different assumptions about a system.