On the management of user obligations

Murillo Pontual, Omar Chowdhury, William H. Winsborough, Ting Yu, Keith Irwin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Citations (Scopus)

Abstract

This paper is part of a project investigating authorization systems that assign obligations to users. We are particularly interested in obligations that require authorization to be performed and that, when performed, may modify the authorization state. In this context, a user may incur an obligation she is unauthorized to perform. Prior work has introduced a property of the authorization system state that ensures users will be authorized to fulfill their obligations. We call this property accountability because users that fail to perform authorized obligations are accountable for their non-performance. While a reference monitor can mitigate violations of accountability, it cannot prevent them entirely. This paper presents techniques to be used by obligation system managers to restore accountability. We introduce several notions of dependence among pending obligations that must be considered in this process. We also introduce a novel notion we call obligation pool slicing, owing to its similarity to program slicing. An obligation pool slice identifies a set of obligations that the administrator may need to consider when applying strategies proposed here for restoring accountability. The paper also presents the system architecture of an authorization system that incorporates obligations that can require and affect authorizations.

Original languageEnglish
Title of host publicationSACMAT'11 - Proceedings of the 16th ACM Symposium on Access Control Models and Technologies
Pages175-184
Number of pages10
DOIs
Publication statusPublished - 15 Jul 2011
Event16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011 - Innsbruck, Austria
Duration: 15 Jun 201117 Jun 2011

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011
CountryAustria
CityInnsbruck
Period15/6/1117/6/11

    Fingerprint

Keywords

  • Accountability
  • Authorization
  • Obligations
  • Policy
  • RBAC

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Pontual, M., Chowdhury, O., Winsborough, W. H., Yu, T., & Irwin, K. (2011). On the management of user obligations. In SACMAT'11 - Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (pp. 175-184). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1998441.1998473