On the modeling and analysis of obligations

Keith Irwin, Ting Yu, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

71 Citations (Scopus)

Abstract

Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the availability of services in many applications often further imposes obligation requirements, which specify what actions have to be taken by a subject in the future as a condition of getting certain privileges at present. However, it is not clear yet what the implications of obligation policies are concerning the security goals of a system. In this paper, we propose a formal metamodel that captures the key aspects of a system that are relevant to obligation management. We formally investigate the interpretation of security policies from the perspective of obligations, and define secure system states based on the concept of accountability. We also study the complexity of checking a state's accountability under different assumptions about a system.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 134-143
Number of pages: 10
Publication status: Published - 2006
Externally published: Yes
Event: CCS 2006: 13th ACM Conference on Computer and Communications Security - Alexandria, VA, United States
Duration: 30 Oct 2006 - 3 Nov 2006

Other

Other: CCS 2006: 13th ACM Conference on Computer and Communications Security
Country: United States
City: Alexandria, VA
Period: 30/10/06 - 3/11/06

Fingerprint

Access control
Availability

Keywords

  • Obligations
  • Policy

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Irwin, K., Yu, T., & Winsborough, W. H. (2006). On the modeling and analysis of obligations. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 134-143). [1180423] https://doi.org/10.1145/1180405.1180423
