Sciweavers

CCS
2006
ACM

On the modeling and analysis of obligations

14 years 3 months ago
On the modeling and analysis of obligations
Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the availability of services in many applications often further imposes obligation requirements, which specify what actions have to be taken by a subject in the future as a condition of getting certain privileges at present. However, it is not clear yet what the implications of obligation policies are concerning the security goals of a system. In this paper, we propose a formal metamodel that captures the key aspects of a system that are relevant to obligation management. We formally investigate the interpretation of security policies from the perspective of obligations, and define secure system states based on the concept of accountability. We also study the complexity of checking a state's accountability under different assumptions about a system. Categories and Subject Descriptors: K.6.5 [Management of Comp...
Keith Irwin, Ting Yu, William H. Winsborough
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CCS
Authors Keith Irwin, Ting Yu, William H. Winsborough
Comments (0)