Toward practical authorization-dependent user obligation systems

Murillo Pontual; Omar Chowdhury; William H. Winsborough; Ting Yu; Keith Irwin

doi:10.1145/1755688.1755711

Toward practical authorization-dependent user obligation systems

Murillo Pontual^*, Omar Chowdhury, William H. Winsborough, Ting Yu, Keith Irwin

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Citations (Scopus)

Abstract

Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.

Original language	English
Title of host publication	Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010
Pages	180-191
Number of pages	12
DOIs	https://doi.org/10.1145/1755688.1755711
Publication status	Published - 2010
Externally published	Yes
Event	5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010 - Beijing, China Duration: 13 Apr 2010 → 16 Apr 2010

Publication series

Name	Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

Conference

Conference	5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010
Country/Territory	China
City	Beijing
Period	13/04/10 → 16/04/10

Keywords

RBAC
accountability
authorization systems
obligations
policy

Access to Document

10.1145/1755688.1755711

Cite this

Pontual, M., Chowdhury, O., Winsborough, W. H., Yu, T., & Irwin, K. (2010). Toward practical authorization-dependent user obligation systems. In Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010 (pp. 180-191). (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010). https://doi.org/10.1145/1755688.1755711

Pontual, Murillo ; Chowdhury, Omar ; Winsborough, William H. et al. / Toward practical authorization-dependent user obligation systems. Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010. pp. 180-191 (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010).

@inproceedings{f34ffdea7e1f4cd48f881d116d872bf3,

title = "Toward practical authorization-dependent user obligation systems",

abstract = "Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.",

keywords = "RBAC, accountability, authorization systems, obligations, policy",

author = "Murillo Pontual and Omar Chowdhury and Winsborough, {William H.} and Ting Yu and Keith Irwin",

year = "2010",

doi = "10.1145/1755688.1755711",

language = "English",

isbn = "9781605589367",

series = "Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010",

pages = "180--191",

booktitle = "Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010",

note = "5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010 ; Conference date: 13-04-2010 Through 16-04-2010",

}

Pontual, M, Chowdhury, O, Winsborough, WH, Yu, T & Irwin, K 2010, Toward practical authorization-dependent user obligation systems. in Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 180-191, 5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010, Beijing, China, 13/04/10. https://doi.org/10.1145/1755688.1755711

Toward practical authorization-dependent user obligation systems. / Pontual, Murillo; Chowdhury, Omar; Winsborough, William H. et al.
Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010. p. 180-191 (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Toward practical authorization-dependent user obligation systems

AU - Pontual, Murillo

AU - Chowdhury, Omar

AU - Winsborough, William H.

AU - Yu, Ting

AU - Irwin, Keith

PY - 2010

Y1 - 2010

N2 - Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.

AB - Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.

KW - RBAC

KW - accountability

KW - authorization systems

KW - obligations

KW - policy

UR - http://www.scopus.com/inward/record.url?scp=77954470017&partnerID=8YFLogxK

U2 - 10.1145/1755688.1755711

DO - 10.1145/1755688.1755711

M3 - Conference contribution

AN - SCOPUS:77954470017

SN - 9781605589367

T3 - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

SP - 180

EP - 191

BT - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

T2 - 5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010

Y2 - 13 April 2010 through 16 April 2010

ER -

Pontual M, Chowdhury O, Winsborough WH, Yu T, Irwin K. Toward practical authorization-dependent user obligation systems. In Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010. p. 180-191. (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010). doi: 10.1145/1755688.1755711

Toward practical authorization-dependent user obligation systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this