Obligation monitoring in policy management

Policies are widely used in modern systems and applications. Recently, it has been recognized that simple decisions are just not enough for many systems and applications. Many policies require actions to be performed after a decision is made in accordance with the policy. To address this need, this paper studies the notion of obligations, which are those conditions or actions that must be fulfilled by either the users or the system after the decision. This paper formalizes the obligations and investigates mechanisms for monitoring obligations. In particular, the paper discusses various aspects of how the system may compensate for unfulfilled obligations.
