Ensuring authorization privileges for cascading user obligations

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2012, Pages 33-43

  Chowdhury, Omar ^a   Pontual, Murillo ^a   Winsborough, William H ^a   Yu, Ting ^b   Irwin, Keith ^c   Niu, Jianwei ^a  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

^b NORTH CAROLINA STATE UNIVERSITY   (United States)

^c WINSTON SALEM STATE UNIVERSITY   (United States)

Author keywords

Accountability; Authorization; Cascading obligations; Obligations; RBAC

Indexed keywords

ACCOUNTABILITY; AUTHORIZATION; CASCADING OBLIGATIONS; OBLIGATIONS; RBAC;

ACCESS CONTROL;

EID: 84864037216     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2295136.2295144     Document Type: Conference Paper

References (26)

1. Senate banking committee, Gramm-Leach-Bliley Act, 1999. Public Law 106-102.
2. M. Ali, L. Bussard, and U. Pinsdorf. Obligation Language and Framework to Enable Privacy-Aware SOA. In Data Privacy Management and Autonomous Spontaneous Security, volume 5939 of Lecture Notes in Computer Science, pages 18-32. Springer Berlin, Heidelberg, 2010.
3. A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. Security and Privacy, IEEE Symposium on, 0:184-198, 2006. (Pubitemid 44753722)
4. C. Bettini, S. Jajodia, X. S. Wang, and D. Wijesekera. Provisions and obligations in policy rule management. J. Netw. Syst. Manage., 11(3):351-372, 2003.
5. O. Chowdhury, M. Pontual, W. H. Winsborough, T. Yu, K. Irwin, and J. Niu. Ensuring authorization privileges for cascading user obligations. Technical Report CS-TR-2012-005, UT San Antonio, 2012.
6. D. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder Policy Specification Language. In 2nd International Workshop on Policies for Distributed Systems and Networks, Bristol, UK, Jan. 2001. Springer-Verlag.
7. D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Obligations and their interaction with programs. In Proceedings of the 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, Proceedings, pages 375-389, 2007.
8. Y. Elrakaiby, F. Cuppens, and N. Cuppens-Boulahia. Formal enforcement and management of obligation policies. Data Knowl. Eng., 71:127-147, Jan. 2012.
9. D. F. Ferraiolo, R. S. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security, pages 224-274, Aug. 2001.
10. P. Gama and P. Ferreira. Obligation policies: An enforcement platform. In 6th IEEE International Workshop on Policies for Distributed Systems and Networks, Stockholm, Sweden, June 2005. IEEE Computer Society.
11. Health Resources and Services Administration. Health insurance portability and accountability act, 1996. Public Law 104-191.
12. K. Irwin, T. Yu, and W. H. Winsborough. On the modeling and analysis of obligations. In Proceedings of the 13th ACM conference on Computer and communications security, pages 134-143, New York, NY, USA, 2006. ACM. (Pubitemid 47131363)
13. A. J. I. Jones. On the relationship between permission and obligation. In ICAIL '87, New York, NY, USA. ACM.
14. N. Li, H. Chen, and E. Bertino. On practical specification and enforcement of obligations. In Proceedings of the second ACM conference on Data and application security and privacy, 2012.
15. M. J. May, C. A. Gunter, and I. Lee. Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In CSFW '06, Washington, DC, USA, 2006. IEEE Computer Society.
16. L. McCarty. Pemissions and obligations. In Proceedings IJCAI-83, 1983.
17. N. H. Minsky and A. D. Lockman. Ensuring integrity by adding obligations to privileges. In Proceedings of the 8th international conference on Software engineering, pages 92-102, Los Alamitos, CA, USA, 1985. IEEE Computer Society Press.
18. Q. Ni, E. Bertino, and J. Lobo. An obligation model bridging access control policies and privacy policies. In SACMAT' 08, New York, NY, USA. ACM.
19. Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In Proceedings of the SACMAT'07, New York, NY, USA. ACM.
20. M. Pontual, O. Chowdhury, W. Winsborough, T. Yu, and K. Irwin. Toward Practical Authorization Dependent User Obligation Systems. In ASIACCS' 10, pages 180-191. ACM Press, 2010.
21. M. Pontual, O. Chowdhury, W. H. Winsborough, T. Yu, and K. Irwin. On the management of user obligations. SACMAT '11, New York, NY, USA. ACM.
22. R. S. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security, 2(1):105-135, Feb. 1999.
23. A. Sasturkar, P. Yang, S. Stoller, and C. Ramakrishnan. Policy analysis for administrative role based access control. In Computer Security Foundations Workshop, 2006. 19th IEEE, 2006.
24. S. D. Stoller, P. Yang, C. R. Ramakrishnan, and M. I. Gofman. Efficient policy analysis for administrative role based access control. In CCS '07, New York, NY, USA, 2007. ACM.
25. A. Uszok, J. Bradshaw, R. Jeffers, N. Suri, P. Hayes, M. Breedy, L. Bunch, M. Johnson, S. Kulkarni, and J. Lott. Kaos policy and domain services: Toward a description-logic approach to policy representation, deconfliction, and enforcement. In POLICY '03, Washington, DC, USA, 2003. IEEE Computer Society.
26. XACML TC. Oasis extensible access control markup language (xacml). http://www.oasis-open.org/committees/xacml/.