Provisions and Obligations in Policy Rule Management

被引：29

作者：

Claudio Bettini

Sushil Jajodia

X. Sean Wang

Duminda Wijesekera

机构：

[1] Dipartimento di Informatica, Universita' di Milano, I-20135 Milan

[2] Ctr. for Secure Information Systems, George Mason University

来源：

Journal of Network and Systems Management | 2003年 / 11卷 / 3期

基金：

美国国家科学基金会;

关键词：

Obligation enforcement; Obligation monitoring; Temporal policies; Time-dependant obligations;

D O I：

10.1023/A:1025711105609

中图分类号：

学科分类号：

摘要：

Policies in modern systems and applications play an essential role. We argue that decisions based on policy rules should take into account the possibility for the users to enable specific policy rules, by performing actions at the time when decisions are being rendered, and/or by promising to perform other actions in the future. Decisions should also consider preferences among different sets of actions enabling different rules. We adopt a formalism and mechanism devised for policy rule management in this context, and investigate in detail the notion of obligations, which are those actions users promise to perform in the future upon firing of a specific policy rule. We also investigate how obligations can be monitored and how the policy rules should be affected when obligations are either fulfilled or defaulted.

引用

页码：351 / 372

页数：21

共 20 条

[1]

Bettini C., Jajodia S., Sean Wang X., Wijesekera D., Provisions and obligations in policy rule management and security applications, Proc. 28th VLDB Conference, (2002)

[2]

Dechter R., Meiri I., Pearl J., Temporal constraint networks, Artificial Intelligence, 49, pp. 61-95, (1991)

[3]

Bettini C., Sean Wang X., Jajodia S., Solving multi-granularity temporal constraint networks, Elsevier Science, Artificial Intelligence, 140, 1-2, pp. 107-152, (2002)

[4]

Bettini C., Jajodia S., Wang X., Time-granularities in Databases, Temporal Reasoning, and Data Mining, (2000)

[5]

Damianou N., Dulay N., Lupu E., Sloman M., The ponder policy specification language, Lecture Notes in Computer Science, 1995, (2001)

[6]

Lobo J., Bhatia R., Naqvi S., A policy description language, Proc. National Conference of the American Association for Artificial Intelligence, (1999)

[7]

Woo T.Y.C., Lam S.S., Authorizations in distributed systems: A new approach, Journal of Computer Security, 2, 2-3, pp. 107-136, (1993)

[8]

Bertino E., Bettini C., Ferrari E., Samarati P., An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems, 23, 3, pp. 231-285, (1998)

[9]

Jajodia S., Samarati P., Sapino M.L., Subrahmanian V.S., Flexible support for multiple access control policies, ACM Transactions on Database Systems, 26, 2, pp. 214-260, (2001)

[10]

Kudo M., Hada S., XML document security based on provisional authorization, Proc. 7th ACM Conference on Computer and Communications Security, pp. 87-96, (2000)

← 1 2 →