Management of Conflicting Obligations in Self-Protecting Policy-Based Systems

Policy-based management of business systems is increasingly becoming the norm for autonomic computing since these systems can adapt to the changing needs and increasing complexity of the underlying organizations or enterprises. One of the vital characteristics of these systems is self-protection, ie., the ability to secure information and resources, by anticipating, detecting, identifying and protecting against any form of unauthorised access and permitting all authorised accesses based on the users´ roles and pre-established policies. In this paper, we focus on one aspect of self-protecting autonomous systems, which is, how to automatically enforce privacy policies related to data handling, for compliance and auditing purposes. The automatic management of privacy sensitive information based on enterprise policies that are driven by a combination of user preferences, internal objectives and external regulations is a key aspect to any enterprise to prevent misuse of this information. These policies extend beyond simple authorization rules, and also mandate obligations to be enforced under certain conditions. One issue in the automatic enforcement of obligations is the presence of conflicts among different obligations which mandate different actions on the same resource, based on different conditions in which the resource is accessed. In this paper we propose algorithms for detecting and resolving conflicts among obligations in both static and runtime environments. We then briefly describe our prototype obligation management system with the conflict resolution module that achieves the automated enforcement of obligations for data-handling based on privacy policies