On Obligations

  • Manuel Hilty
  • David Basin
  • Alexander Pretschner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


Access control is concerned with granting access to sensitive data based on conditions that relate to the past or present, so-called provisions. Expressing requirements from the domain of data protection necessitates extending this notion with conditions that relate to the future. Obligations, in this sense, are concerned with commitments of the involved parties. At the moment of granting access, adherence to these commitments cannot be guaranteed. An example is the requirement “do not re-distribute data”, where the actions of the involved parties may not even be observable. We provide a formal framework that allows us to precisely specify data protection policies. A syntactic classification of formulas gives rise to natural and intuitive formal definitions of provisions and obligations. Based on this classification, we present different mechanisms for checking adherence to agreed upon commitments.


Access Control Data Protection Policy Language Linear Temporal Logic Data Owner 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Backes, M., Pfitzmann, B., Schunter, M.: A toolkit for managing enterprise privacy policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems 23(3), 231–285 (1998)CrossRefGoogle Scholar
  3. 3.
    Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy rule management. J. Network and System Mgmt. 11(3), 351–372 (2003)CrossRefGoogle Scholar
  4. 4.
    Caleiro, C., Viganò, L., Basin, D.: Metareasoning about security protocols using distributed temporal logic. In: Proc. IJCAR 2004 Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA 2004). ENTCS, vol. 125(1) (2005)Google Scholar
  5. 5.
    Ehrich, H.-D., Caleiro, C.: Specifying communication in distributed information systems. Acta Informatica 36, 591–616 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Ehrich, H.-D., Caleiro, C., Sernadas, A., Denker, G.: Logics for specifying concurrent information systems. In: Logic for Databases and Information Systems, pp. 167–198. Kluwer Academic Publishers, Dordrecht (1998)Google Scholar
  7. 7.
    Gal, A., Atluri, V.: An authorization model for temporal data. In: Proc. 7th ACM Conference on Computer Communications Security, pp. 144–153. ACM Press, New York (2000)CrossRefGoogle Scholar
  8. 8.
    Jajodia, S., Kudo, M., Subrahmanian, V.: Provisional authorizations. In: Gosh, A. (ed.) E-Commerce Security and Privacy, pp. 133–159. Kluwer, Dordrecht (2001)Google Scholar
  9. 9.
    Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 214–260 (2001)zbMATHCrossRefGoogle Scholar
  10. 10.
    McDougall, M., Alur, R., Gunter, C.A.: A model-based approach to integrating security policies for embedded devices. In: Proc. 4th ACM international conference on Embedded software, pp. 211–219. ACM Press, New York (2004)CrossRefGoogle Scholar
  11. 11.
    Mont, M.C.: Dealing with privacy obligations in enterprises. Technical report, HP Laboratories Bristol (June 2004)Google Scholar
  12. 12.
    Park, J., Sandhu, R.: The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security 7, 128–174 (2004)CrossRefGoogle Scholar
  13. 13.
    Pnueli, A.: The temporal semantics of concurrent programs. In: Proc. Intl. Symp. on Semantics of Concurrent Computation, pp. 1–20. Springer, Heidelberg (1979)CrossRefGoogle Scholar
  14. 14.
    Schneider, F.B.: Enforceable security policies. ACM Transactions on Information and System Security 3(1), 30–50 (2000)CrossRefGoogle Scholar
  15. 15.
    Siewe, F., Cau, A., Zedan, H.: A compositional framework for access control policies enforcement. In: Proc. 2003 ACM workshop on Formal methods in security engineering, pp. 32–42. ACM Press, New York (2003)CrossRefGoogle Scholar
  16. 16.
    Smith, S.W.: Trusted Computing. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  17. 17.
    van Oorschot, P.: Revisiting software protection. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 1–13. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    van Oorschot, P.: Software protection and application security: understanding the battleground. In: State of the art and evolution of computer security and industrial cryptography (2003)Google Scholar
  19. 19.
    W3C. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (April 2002), Available at
  20. 20.
    Winskel, G.: Event structures. In: Brauer, W., Reisig, W., Rozenberg, G. (eds.) APN 1986. LNCS, vol. 255, pp. 325–392. Springer, Heidelberg (1987)Google Scholar
  21. 21.
    Zhang, X., Park, J., Parisi-Presicce, F., Sandhu, R.: A logical specification for usage control. In: Proc. 9th ACM symp. on Access control models and technologies, pp. 1–10. ACM Press, New York (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Manuel Hilty
    • 1
  • David Basin
    • 1
  • Alexander Pretschner
    • 1
  1. 1.Information SecurityETH ZürichSwitzerland

Personalised recommendations