On the management of user obligations

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2011, Pages 175-184

  Pontual, Murillo ^a   Chowdhury, Omar ^a   Winsborough, William H ^a   Yu, Ting ^b   Irwin, Keith ^c  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

^b NORTH CAROLINA STATE UNIVERSITY   (United States)

^c WINSTON SALEM STATE UNIVERSITY   (United States)

Author keywords

Accountability; Authorization; Obligations; Policy; RBAC

Indexed keywords

ACCOUNTABILITY; AUTHORIZATION; AUTHORIZATION SYSTEMS; OBLIGATIONS; PROGRAM SLICING; RBAC; REFERENCE MONITORS; SYSTEM ARCHITECTURES;

LAKES; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 79960179819     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1998441.1998473     Document Type: Conference Paper

References (20)

1. A Framework for Enforcing User Obligations. Technical Report CS-TR-2011-001. The University of Texas at San Antonio.
2. M. Ali, L. Bussard, and U. Pinsdorf. Obligation Language and Framework to Enable Privacy-Aware SOA. In Data Privacy Management and Autonomous Spontaneous Security, volume 5939 of Lecture Notes in Computer Science, pages 18-32. Springer Berlin, Heidelberg, 2010.
3. M. Casassa and F. Beato. On Parametric Obligation Policies: Enabling Privacy-Aware Information Lifecycle Management in Enterprises. In Policies for Distributed Systems and Networks., pages 51 -55, jun. 2007. (Pubitemid 47469544)
4. D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Obligations and their interaction with programs. In Proceedings of the 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, Proceedings, pages 375-389, 2007.
5. M. P. Gallaher, A. C. Oconnor, and B. Kropp. The Economic Impact of Role-Based Access Control, March 2002Availableathttp://www.nist.gov/director/ prog-ofc/report02-1.pdf.
6. P. Gama and P. Ferreira. Obligation policies: An enforcement platform. In 6th IEEE International Workshop on Policies for Distributed Systems and Networks, Stockholm, Sweden, June 2005. IEEE Computer Society.
7. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A policy language for distributed usage control. In J. Biskup and J. Lopez, editors, Computer Security - ESORICS 2007, volume 4734 of Lecture Notes in Computer Science, pages 531-546. Springer Berlin, Heidelberg, 2008.
8. K. Irwin, T. Yu, and W. H. Winsborough. On the modeling and analysis of obligations. In Proceedings of the 13th ACM conference on Computer and communications security, pages 134-143, New York, NY, USA, 2006. ACM. (Pubitemid 47131363)
9. K. Irwin, T. Yu, and W. H. Winsborough. Assigning responsibilities for failed obligations. In IFIPTM Joined iTrust and PST Conference on Privacy, Trust Management and Security, pages 327-342. Springer Boston, 2008.
10. B. Katt, X. Zhang, R. Breu, M. Hafner, and J.-P. Seifert. A general obligation model and continuity: enhanced policy enforcement engine for usage control. In Proceedings of the 13th ACM symposium on Access control models and technologies, pages 123-132, New York, NY, USA, 2008. ACM.
11. N. H. Minsky and A. D. Lockman. Ensuring integrity by adding obligations to privileges. In Proceedings of the 8th international conference on Software engineering, pages 92-102, Los Alamitos, CA, USA, 1985. IEEE Computer Society Press.
12. Q. Ni, E. Bertino, and J. Lobo. An obligation model bridging access control policies and privacy policies. In Proceedings of the 13th ACM symposium on Access control models and technologies, pages 133-142, New York, NY, USA, 2008. ACM.
13. Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In Proceedings of the 12th ACM symposium on Access control models and technologies, pages 41-50, New York, NY, USA, 2007. ACM. (Pubitemid 47281536)
14. J. Park and R. Sandhu. The uconabc usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128-174, 2004.
15. M. Pontual, O. Chowdhury, W. Winsborough, T. Yu, and K. Irwin. Toward Practical Authorization Dependent User Obligation Systems. In Proceedings of the 5th International Symposium on ACM Symposium on Information, Computer and Communications Security, 2010.
16. M. Pontual, K. Irwin, O. Chowdhury, W. H. Winsborough, and T. Yu. Failure feedback for user obligation systems. In The Second IEEE International Conference on Information Privacy, Security, Risk and Trust, pages 713 -720, 2010.
17. R. S. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security, 2(1):105-135, Feb. 1999.
18. A. Sasturkar, A. Yang, S. D. Stoller, and C. Ramakrishnan. Policy analysis for administrative role based access control. volume 0, pages 124-138, Los Alamitos, CA, USA, 2006. IEEE Computer Society.
19. V. Swarup, L. Seligman, and A. Rosenthal. A data sharing agreement framework. In Information Systems Security, Second International Conference, Kolkata, India, December 19-21, Proceedings, pages 22-36, 2006.
20. M. Weiser. Program slicing. In Proceedings of the 5th international conference on Software engineering, pages 439-449, Piscataway, NJ, USA, 1981. IEEE Press.