TY - GEN
T1 - Ensuring authorization privileges for cascading user obligations
AU - Chowdhury, Omar
AU - Pontual, Murillo
AU - Winsborough, William H.
AU - Yu, Ting
AU - Irwin, Keith
AU - Niu, Jianwei
PY - 2012
Y1 - 2012
N2 - User obligations are actions that the human users are required to perform in some future time. These are common in many practical access control and privacy and can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all the obligatory actions to be authorized when they are attempted. Although, existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes a simplified assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption which reduces the expressive power of past models, and thus cannot support many obligation scenarios in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. We provide for several special yet practical cases of cascading obligations (i.e., repetitive, finite cascading, etc.) a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.
AB - User obligations are actions that the human users are required to perform in some future time. These are common in many practical access control and privacy and can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all the obligatory actions to be authorized when they are attempted. Although, existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes a simplified assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption which reduces the expressive power of past models, and thus cannot support many obligation scenarios in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. We provide for several special yet practical cases of cascading obligations (i.e., repetitive, finite cascading, etc.) a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.
KW - Accountability
KW - Authorization
KW - Cascading obligations
KW - Obligations
KW - RBAC
UR - http://www.scopus.com/inward/record.url?scp=84864037216&partnerID=8YFLogxK
U2 - 10.1145/2295136.2295144
DO - 10.1145/2295136.2295144
M3 - Conference contribution
AN - SCOPUS:84864037216
SN - 9781450312950
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 33
EP - 43
BT - SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
T2 - 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Y2 - 20 June 2012 through 22 June 2012
ER -