Book
Assigning Responsibility for Failed Obligations.
| Title: | Assigning Responsibility for Failed Obligations. |
|---|---|
| Authors: | Irwin, Keith, Yu, Ting, Winsborough, William H. |
| Source: | Trust Management II; 2008, p327-342, 16p |
| Abstract: | Traditional security policies largely focus on access control. Though essential, access control is only one aspect of security. In particular, the correct behavior and reliable operation of a system depends not only on what users are permitted to do, but oftentimes on what users are required to do. Such obligatory actions are integral to the security procedures of many enterprises. Unlike access control, obligations assigned to individual users are often unenforceable, that is, the system cannot ensure that each obligation will be fulfilled. Accurately determining who was at fault when obligations are not met is essential for responding appropriately, be it in terms of modified trust relationships or other recourse. In this paper, based on a formal metamodel of obligations, we propose an approach for fault assessment through active online tracking of responsibilities and dependencies between obligations.We identify and formalize two key properties for the correct assessment of fault, and design responsibility assignment and fault assessment algorithms for a concrete yet general access control and obligation system. [ABSTRACT FROM AUTHOR] |
| Copyright of Trust Management II is the property of Springer Nature / Books and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| DOI: | 10.1007/978-0-387-09428-1_21 |
| Database: | Complementary Index |
Availability