Failure feedback for user obligation systems

Murillo Pontual, Keith Irwin, Omar Chowdhury, William H. Winsborough, Ting Yu

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

1 Citation (Scopus)

Abstract

In recent years, several researchers have proposed techniques for providing users with assistance in understanding and overcoming authorization denials. The incorporation of environmental factors into authorization decisions has made this particularly important and challenging. An environmental factor that has not previously been considered in this effort to provide such assistance to users arises in systems where obligations can depend on and affect authorizations. In these systems, it is desirable to ensure that users will have the authorizations they require to fulfill their obligations, and prior work has proposed denying requests to perform non-obligatory actions that would cause this property to become violated, whether the violation is a direct result of the requested action or due to obligations that would be incurred as a result of it. Because of privacy concerns, as well as the intricate interactions between actions and pending obligations, the current work focuses on helping users find means of overcoming their denials, rather than focusing on explanation of the cause for denial. We show that in general this problem is PSPACE-hard. We then develop an approach based on an AI planning tool and evaluate its effectiveness empirically. We find that this tool can often be quite helpful in medium-sized problem instances, particularly when the number of steps that must be taken to enable the desired action is relatively small.

Original language: English
Title of host publication: Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust
Pages: 713-720
Number of pages: 8
Publication status: Published - 29 Nov 2010
Externally published: Yes
Event: 2nd IEEE International Conference on Social Computing, SocialCom 2010, 2nd IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2010 - Minneapolis, MN, United States
Duration: 20 Aug 2010 - 22 Aug 2010

Other

Other: 2nd IEEE International Conference on Social Computing, SocialCom 2010, 2nd IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2010
Country: United States
City: Minneapolis, MN
Period: 20/8/10 - 22/8/10

Fingerprint

Feedback

Keywords

  • Accountability
  • Authorization systems
  • Obligations
  • Policy
  • RBAC

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems

Cite this

Pontual, M., Irwin, K., Chowdhury, O., Winsborough, W. H., & Yu, T. (2010). Failure feedback for user obligation systems. In Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust (pp. 713-720). [5591499] https://doi.org/10.1109/SocialCom.2010.111

@inproceedings{4362280fd9574556839d8b7fc3b27c4b,
title = "Failure feedback for user obligation systems",
abstract = "In recent years, several researchers have proposed techniques for providing users with assistance in understanding and overcoming authorization denials. The incorporation of environmental factors into authorization decisions has made this particularly important and challenging. An environmental factor that has not previously been considered in this effort to provide such assistance to users arises in systems where obligations can depend on and affect authorizations. In these systems, it is desirable to ensure that users will have the authorizations they require to fulfill their obligations, and prior work has proposed denying requests to perform non-obligatory actions that would cause this property to become violated, whether the violation is a direct result of the requested action or due to obligations that would be incurred as a result of it. Because of privacy concerns, as well as the intricate interactions between actions and pending obligations, the current work focuses on helping users find means of overcoming their denials, rather than focusing on explanation of the cause for denial. We show that in general this problem is PSPACE-hard. We then develop an approach based on an AI planning tool and evaluate its effectiveness empirically. We find that this tool can often be quite helpful in medium-sized problem instances, particularly when the number of steps that must be taken to enable the desired action is relatively small.",
keywords = "Accountability, Authorization systems, Obligations, Policy, RBAC",
author = "Murillo Pontual and Keith Irwin and Omar Chowdhury and Winsborough, {William H.} and Ting Yu",
year = "2010",
month = "11",
day = "29",
doi = "10.1109/SocialCom.2010.111",
language = "English",
isbn = "9780769542119",
pages = "713--720",
booktitle = "Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust",

}
