Formal Management and Enforcement of Obligation Policies
Authors
Abstract
Obligations are generally actions that users are required to take and are essential for the expression of a large number of requirements. For instance, obligation actions may represent prerequisites to gain some privilege (pre obligations), to satisfy some ongoing or post requirement for resource usage (ongoing and post obligations), or to adhere to some privacy or availability policy. Obligations may also define states of affairs which should be maintained. An example of such obligations is the obligation “doctors should remain alert while in the operating room”. In this paper, we introduce a formal framework for the management and enforcement of obligation policies. The framework is formalized using concepts from action specification languages and the Event Condition Action paradigm of active databases. Therefore, our framework allows reasoning about change in the state of obligations and, at the same time, provides declarative formal semantics for their enforcement. In this framework, we support many types of obligations and show how to manage obligation activation, fulfillment and violation.
Similar resources
A Policy-Oriented Language for Expressing Security Specifications
Organizations’ authorization policies are usually described by access control rules enforced on each protected object scattered all over the organization. Having a single global security policy specification would promote both security clarity and coherency [4, 9, 18, 31, 37]. Having a single security model for the whole organization, a single point of management and enforcement with a innumero...
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
Runtime enforcement monitors: composition, synthesis, and enforcement abilities
Runtime enforcement is a powerful technique to ensure that a program will respect a given set of properties. We extend previous work on this topic in several directions. Firstly, we propose a generic notion of enforcement monitors based on a memory device and finite sets of control states and enforcement operations. Moreover, we specify their enforcement abilities w.r.t. the general Safety-Prog...
A Policy-Based Framework for e-Health Applications
In this paper we present a policy-based framework for the specification and enforcement of policies for e-Health applications. In the framework, authorisation policies are used to express the rights that entities have in the system, while obligation policies are used to define event-condition-action rules as well as the responsibilities that carers and patients have in the system. We show how to...
Obligation Language for Access Control and Privacy Policies
Defining and enforcing obligations are key aspects of privacy protection. Most of today’s access control and data handling languages recognize the importance of obligations and even provide extension points but lack concrete language constructs to actually express obligations. This position paper proposes requirements for a general obligation language spanning access control and usage control. ...