College of Sciences
Permanent URI for this communityhttps://hdl.handle.net/20.500.12588/256
Browse
Browsing College of Sciences by Subject "accountability"
Now showing 1 - 3 of 3
- Results Per Page
- Sort Options
Item Failure Feedback for User Obligation Systems(UTSA Department of Computer Science, 2010-06) Pontual, Murillo; Irwin, Keith; Chowdhury, Omar; Winsborough, William H.; Yu, TingIn recent years, several researchers have proposed techniques for providing users with assistance in understanding and overcoming authorization denials. The incorporation of environmental factors into authorization decisions has made this particularly important and challenging. An environmental factor that has not previously been considered in this effort to provide such assistance to users arises in systems where obligations can depend on and affect authorizations. In these systems, it is desirable to ensure that users will have the authorizations they require to fulfill their obligations, and prior work has proposed denying requests to perform non-obligatory actions that would cause this property to become violated, whether the violation is a direct result of the requested action or due to obligations that would be incurred as a result of it. Because of privacy concerns, as well as the intricate interactions between actions and pending obligations, the current work focuses on helping users find means of overcoming their denials, rather than focusing on explanation of the cause for denial. We show that in general this problem is PSPACE-hard. We then develop an approach based on an AI-planning tool and evaluate its effectiveness empirically. We find that this tool can often be quite helpful in medium sized problem instances, particularly when the number of steps that must be taken to enable the desired action is relatively small.Item On the Management of User Obligations(UTSA Department of Computer Science, 2011-03) Pontual, Murillo; Chowdhury, Omar; Winsborough, William H.; Yu, Ting; Irwin, KeithThis paper is part of a project investigating authorization systems that assign obligations to users. We are particularly interested in obligations that require authorization to be performed and that, when performed, may modify the authorization state. In this context, a user may incur an obligation she is unauthorized to perform. Prior work has introduced a property of the authorization system state that ensures users will be authorized to fulfill their obligations. We call this property accountability because users that fail to perform authorized obligations are accountable for their non-performance. While a reference monitor can mitigate violations of accountability, it cannot prevent them entirely. This paper presents techniques to be used by obligation system managers to restore accountability. We introduce several notions of dependence among pending obligations that must be considered in this process. We also introduce a novel notion we call obligation pool slicing, owing to its similarity to program slicing. An obligation pool slice identifies a set of obligations that the administrator may need to consider when applying strategies proposed here for restoring accountability. The paper also presents the system architecture of an authorization system that incorporates obligations that can require and affect authorizations.Item Toward Practical Authorization-dependent User Obligation Systems(UTSA Department of Computer Science, 2009-12) Pontual, Murillo; Chowdhury, Omar; Winsborough, William H.; Yu, Ting; Irwin, KeithMany authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.