Abstract
Obligations are pervasive in modern systems, often linked to access control decisions. We present a very general model of obligations as objects with state, and discuss its interaction with a program’s execution. We describe several analyses that the model enables, both static (for verification) and dynamic (for monitoring). This includes a systematic approach to approximating obligations for enforcement. We also discuss some extensions that would enable practical policy notations. Finally, we evaluate the robustness of our model against standard definitions from jurisprudence.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dougherty, D.J., Fisler, K., Krishnamurthi, S. (2007). Obligations and Their Interaction with Programs. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_25
DOI: https://doi.org/10.1007/978-3-540-74835-9_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer Science, Computer Science (R0)