On the Management of User Obligations

dc.contributor.author: Pontual, Murillo
dc.contributor.author: Chowdhury, Omar
dc.contributor.author: Winsborough, William H.
dc.contributor.author: Yu, Ting
dc.contributor.author: Irwin, Keith
dc.date.accessioned: 2023-10-26T14:31:21Z
dc.date.available: 2023-10-26T14:31:21Z
dc.date.issued: 2011-03
dc.description.abstract: This paper is part of a project investigating authorization systems that assign obligations to users. We are particularly interested in obligations that require authorization to be performed and that, when performed, may modify the authorization state. In this context, a user may incur an obligation she is unauthorized to perform. Prior work has introduced a property of the authorization system state that ensures users will be authorized to fulfill their obligations. We call this property accountability because users that fail to perform authorized obligations are accountable for their non-performance. While a reference monitor can mitigate violations of accountability, it cannot prevent them entirely. This paper presents techniques to be used by obligation system managers to restore accountability. We introduce several notions of dependence among pending obligations that must be considered in this process. We also introduce a novel notion we call obligation pool slicing, owing to its similarity to program slicing. An obligation pool slice identifies a set of obligations that the administrator may need to consider when applying strategies proposed here for restoring accountability. The paper also presents the system architecture of an authorization system that incorporates obligations that can require and affect authorizations.
dc.description.department: Computer Science
dc.description.sponsorship: Ting Yu is partially supported by NSF grant CNS-0716210. William H. Winsborough is partially supported by NSF grants CNS-0716750, CNS-0964710, and THECB ARP 010115-0037-2007.
dc.identifier.uri: https://hdl.handle.net/20.500.12588/2172
dc.language.iso: en_US
dc.publisher: UTSA Department of Computer Science
dc.relation.ispartofseries: Technical Report; CS-TR-2011-001
dc.subject: security
dc.subject: theory
dc.subject: obligations
dc.subject: RBAC
dc.subject: policy
dc.subject: authorization systems
dc.subject: accountability
dc.title: On the Management of User Obligations
dc.type: Technical Report

Files

Original bundle

Name: Pontual_et_al_CS-TR-2011-001.pdf
Size: 185.01 KB
Format: Adobe Portable Document Format
