International Journal of Information Security -special Issue on Fast '04 and '05 Manuscript No. Audit-based Compliance Control
نویسنده
چکیده
In this paper we introduce a new framework for controlling compliance to discretionary access control policies [9,11]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach to controlling the compliance to policies.
منابع مشابه
Editorial: Special issue on security of information and networks
All aspects of the modern life are related to processing, communicating, storing and retrieving of information in computer networks and systems. Security of information and networks is of vital importance and very highly relevant nowadays in view of rampant attacks on information systems, evolving BYOD practices in enterprises, and particularly due to drives towards cloud-based integration of e...
متن کاملA Sudy on Information Privacy Issue on Social Networks
In the recent years, social networks (SN) are now employed for communication and networking, socializing, marketing, as well as one’s daily life. Billions of people in the world are connected though various SN platforms and applications, which results in generating massive amount of data online. This includes personal data or Personally Identifiable Information (PII). While more and more data a...
متن کاملA Fast Localization and Feature Extraction Method Based on Wavelet Transform in Iris Recognition
With an increasing emphasis on security, automated personal identification based on biometrics has been receiving extensive attention. Iris recognition, as an emerging biometric recognition approach, is becoming a very active topic in both research and practical applications. In general, a typical iris recognition system includes iris imaging, iris liveness detection, and recognition. This rese...
متن کاملAn Empirical Analysis on Effects of Internal Control System on Tax Revenue Audit Performance; Evidence from Ethiopian Ministry of Revenue South and Southwestern Districts
This study analysis the effects of internal control system on Tax revenue audit performance in Ministry of Revenue South and southwestern districts under explanatory research design. The study employed primary data sources and analyzed it using a multiple regression analysis on SATA 14 software. The regression analysis results exhibited that control activities, control environment and informati...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کامل