Journal of Network and Systems Management

, Volume 11, Issue 3, pp 351–372 | Cite as

Provisions and Obligations in Policy Rule Management

  • Claudio Bettini
  • Sushil Jajodia
  • X. Sean Wang
  • Duminda Wijesekera

Abstract

Policies in modern systems and applications play an essential role. We argue that decisions based on policy rules should take into account the possibility for the users to enable specific policy rules, by performing actions at the time when decisions are being rendered, and/or by promising to perform other actions in the future. Decisions should also consider preferences among different sets of actions enabling different rules. We adopt a formalism and mechanism devised for policy rule management in this context, and investigate in detail the notion of obligations, which are those actions users promise to perform in the future upon firing of a specific policy rule. We also investigate how obligations can be monitored and how the policy rules should be affected when obligations are either fulfilled or defaulted.

Obligation monitoring obligation enforcement temporal policies time-dependant obligations 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

REFERENCES

  1. 1.
    Claudio Bettini, Sushil Jajodia, X. Sean Wang, and Duminda Wijesekera, Provisions and obligations in policy rule management and security applications, Proc. 28th VLDB Conference, Hong Kong, China, 2002.Google Scholar
  2. 2.
    R. Dechter, I. Meiri, and J. Pearl, Temporal constraint networks, Artificial Intelligence Vol.49, pp. 61–95, 1991.Google Scholar
  3. 3.
    Claudio Bettini, X. Sean Wang, and Sushil Jajodia, Solving multi-granularity temporal constraint networks, Elsevier Science, Artificial Intelligence, Vol.140, Nos. 1/2, pp. 107–152, 2002.Google Scholar
  4. 4.
    C. Bettini, S. Jajodia, and X. Wang, Time-Granularities in Databases, Temporal Reasoning, and Data Mining, Springer, 2000.Google Scholar
  5. 5.
    N. Damianou, N. Dulay, E. Lupu, and M. Sloman The ponder policy specification language, Policies for Distributed Systems and Networks, Lecture Notes in Computer Science, Vol.1995, 2001.Google Scholar
  6. 6.
    J. Lobo, R. Bhatia, and S. Naqvi, A policy description language, Proc. National Conference of the American Association for Artificial Intelligence, Orlando, Florida, USA, 1999.Google Scholar
  7. 7.
    T. Y. C. Woo and S. S. Lam, Authorizations in distributed systems: A new approach, Journal of Computer Security, Vol.2, Nos. 2/3, pp. 107–136, 1993.Google Scholar
  8. 8.
    Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems, Vol.23, No.3 pp. 231–285, 1998.Google Scholar
  9. 9.
    Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, and V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems, Vol.26, (No.2) pp. 214–260, 2001.Google Scholar
  10. 10.
    Michiharu Kudo and Satoshi Hada, XML document security based on provisional authorization, Proc. 7th ACM Conference on Computer and Communications Security, pp. 87–96, 2000.Google Scholar
  11. 11.
    Sushil Jajodia, Michiharu Kudo, and V.S. Subrahmanian, Provisional authorizations. In Anup Gosh (ed.), E-Commerce Security and Privacy, Kluwer Academic Press, pp. 133–159, 2001.Google Scholar
  12. 12.
    J. Chomicki and J. Lobo, Monitors for history-based policies, Policies for Distributed Systems and Network, Lecture Notes in Computer Science, Vol.1995, 2001.Google Scholar
  13. 13.
    N.H. Minsky and V. Ungureanu, Law-governed intaractions: A coordination and control mechanism for heterogeneous distributed systems. ACM Transections on Software Engineering and Methodology, Vol.9, No.3, pp. 273–305, 2000.Google Scholar
  14. 14.
    N.H. Minsky and A.D. Lockman, Ensuring integrity by adding obligations to privileges, IEEE International Conference on Software Engineering, pp. 92–102, 1985.Google Scholar
  15. 15.
    S.J.H. Kent, T.S.E. Maibaum, and W.J. Quick, Formally specifying temporal constraints and error recovery, Proc. IEEE International Symposium on Requirements Engineering, pp. 208–215, 1993.Google Scholar
  16. 16.
    M.S. Feather, An implementation of bounded obligations, Proc. Eighth Knowledge Based Software Engineering Conference, pp. 114–122, 1993.Google Scholar
  17. 17.
    M. Roscheisen and T. Winograd, A communication agreement framework for access/action control, Proc. IEEE Symposium on Security and Privacy, 1996.Google Scholar
  18. 18.
    R. J. Wieringa and J-J Ch. Meyer, Applications of deontic logic in computer science: A concise overview, Deontic Logic in Computer Science: Normative System Specification, pp. 17–40, John Wiley, 1993.Google Scholar
  19. 19.
    M.J. Sergot, F. Sadri, R.A. Kowalski, F. Kriwaczek, P. Hammond, and H.T. Cory, The British Nationality Act as a logic program, Communication of the ACM, Vol.29, No.5, pp. 370–386, 1986.Google Scholar
  20. 20.
    Michael Gelfond, and Vladimir Lifschitz, Representing action and change by logic programs, Journal of Logic Programming, Vol.17, No.2, pp. 301–321, 1993.Google Scholar

Copyright information

© Plenum Publishing Corporation 2003

Authors and Affiliations

  • Claudio Bettini
    • 1
  • Sushil Jajodia
    • 2
  • X. Sean Wang
    • 2
  • Duminda Wijesekera
    • 2
  1. 1.Dipartimento di Informatica e ComunicazioneUniversita' di MilanoMilanItaly
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityVirginia

Personalised recommendations