International Journal of Information Security -special Issue on Fast '04 and '05 Manuscript No. Audit-based Compliance Control

نویسنده

  • G. Lenzini
چکیده

In this paper we introduce a new framework for controlling compliance to discretionary access control policies [9,11]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach to controlling the compliance to policies.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Editorial: Special issue on security of information and networks

All aspects of the modern life are related to processing, communicating, storing and retrieving of information in computer networks and systems. Security of information and networks is of vital importance and very highly relevant nowadays in view of rampant attacks on information systems, evolving BYOD practices in enterprises, and particularly due to drives towards cloud-based integration of e...

متن کامل

A Sudy on Information Privacy Issue on Social Networks

In the recent years, social networks (SN) are now employed for communication and networking, socializing, marketing, as well as one’s daily life. Billions of people in the world are connected though various SN platforms and applications, which results in generating massive amount of data online. This includes personal data or Personally Identifiable Information (PII). While more and more data a...

متن کامل

A Fast Localization and Feature Extraction Method Based on Wavelet Transform in Iris Recognition

With an increasing emphasis on security, automated personal identification based on biometrics has been receiving extensive attention. Iris recognition, as an emerging biometric recognition approach, is becoming a very active topic in both research and practical applications. In general, a typical iris recognition system includes iris imaging, iris liveness detection, and recognition. This rese...

متن کامل

An Empirical Analysis on Effects of Internal Control System on Tax Revenue Audit Performance; Evidence from Ethiopian Ministry of Revenue South and Southwestern Districts

This study analysis the effects of internal control system on Tax revenue audit performance in Ministry of Revenue South and southwestern districts under explanatory research design. The study employed primary data sources and analyzed it using a multiple regression analysis on SATA 14 software. The regression analysis results exhibited that control activities, control environment and informati...

متن کامل

Information Security Requirements for Implementing Electronic Health Records in Iran

Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007