Title :
From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach
Author :
Elrakaiby, Yehia ; Cuppens, Frédéric ; Boulahia, Nora-Cuppens
Author_Institution :
Inst. TELECOM/TELECOM-Bretagne, Cesson-Sevigne, France
Abstract :
Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, pre-obligations induce interactions between the obligation and authorization policy states. This paper studies these interactions by formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either (1) statically (an access request is denied if the pre-obligation has not been fulfilled); or (2) dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).
Keywords :
authorisation; formal logic; authorization policy state; contextual permission; dynamic pre-obligation; event condition action rules; integrated approach; obligation policy state; operational semantics; predicate logic; Access control; Authorization; Availability; Databases; Information security; Information systems; Logic; Permission; Telecommunications; Pre-obligation; policy management; security policies;
Conference_Title :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.71