Title :
Formalization and Management of Group Obligations
Author :
El Rakaiby, Yehia ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora
Author_Institution :
TELECOM Inst., TELECOM-Bretagne, Cesson-Sevigne, France
Abstract :
The specification of abstract security policies which indirectly apply to system entities (like subjects and objects) through group relations (like roles or domains) has been shown to simplify policy specification, interpretation and analysis. In this paper, we show how the abstraction of subjects, actions and objects in obligation policies using group relations can enhance the expressiveness of obligation policy languages. More precisely, we introduce the notion of group contexts through which the policy designer can choose different interpretations for group relations in obligation security rules enabling him or her to specify obligations representing shared responsibilities such as "All patients must be checked by a doctor\´\´ or obligations expressing sets of alternative actions such as "Every customer should pay either in cash or by check\´\´. Management and monitoring requirements of such obligations called group obligations are studied and formalized.
Keywords :
formal specification; security of data; specification languages; abstract security policy; formalization; group obligations; obligation policiy; obligation policy languages; policy analysis; policy designer; policy interpretation; policy specification; Control systems; Finance; Patient monitoring; Permission; Security; Telecommunication network management; Group Obligations; Obligation Policy Management; Obligation Sanction Policies;
Conference_Titel :
Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on
Conference_Location :
London
Print_ISBN :
978-0-7695-3742-9
Electronic_ISBN :
978-0-7695-3742-9
DOI :
10.1109/POLICY.2009.10
