An Audit Logic for Accountability

Cederquist, Jan; Conn, Richard A.; Dekker, M.A.C.; Etalle, Sandro; Hartog, J.I. den

doi:10.1109/policy.2005.5

Cited by 36 publications

(32 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Last but not least, the controller must commit to the sticky policy for this category of data (S i (MyPolicy)(Ca) = (Id,Ve,Co 2 ,Cx) with Co 2 equal to the commitment in the DisclosureRequest event). Another important rule is the rule stating that the disclosure policy and identity must not be modified by internal events 9 .…”

Section: Compliancementioning

confidence: 99%

“…The interest of "a-posteriori" policy enforcement has been strongly advocated in [9] and [11], for example to cope with emergency actions that need to be taken in unexpected circumstances or to address the lack of control of the subjects in a distributed environment. The APPEL (A-Posteriori PoLicy Enforcement) core presented in [11] combines an audit logic with trust management techniques.…”

Section: Related Workmentioning

confidence: 99%

“…Even though we have focused on the communications between subjects and controllers agents here (rather than the interactions with the auditor's agent), we also endorse the accountability principle and the introduction of automatic audits in the framework. The audit logic presented in [9] provides a general framework for defining agent accountability based on a proof system and proof obligations of the agents (when they are audited). The main difference between our approach and [9] and [11] is again a matter of focus: considering our goal to specify agents implementing the requirements of data subjects and controllers, we deal with specific obligations such as commitments on actions to be performed in the future (e.g., data deletion), purpose control, rights of the subject to be implemented by the controller (access, modification, deletion, etc.).…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

A Formal Privacy Management Framework

Métayer

2009

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

Privacy is a complex issue which cannot be handled by exclusively technical means. The work described in this paper results from a multidisciplinary project involving lawyers and computer scientists with the double goal to (1) reconsider the fundamental values motivating privacy protection and (2) study the conditions for a better protection of these values by a combination of legal and technical means. One of these conditions is to provide to the individuals effective ways to convey their consent to the disclosure of their personal data. This paper focuses on the formal framework proposed in the project to deliver this consent through software agents. Context and MotivationsIn the same way as the growing use of photography at the end of the 19th century prompted Warren and Brandeis seminal paper [31], the changes imposed nowadays by information and communication technologies require a deep reflection on the fundamental values underlying privacy and the best way to achieve their protection [15,27]. Furthermore a multidisciplinary approach is necessary to tackle this challenge because privacy can neither be apprehended nor guaranteed by exclusively legal or technical means. As a step in this direction, the collaborative project PRIAM 1 gathers lawyers and computer scientists with the goal of putting forward a common view of privacy for pervasive computing and effective (legal and technical) instruments to protect it.

show abstract

Section: Compliancementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Formal Privacy Management Framework

Métayer

2009

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…To clearly specify access-control policies and reason about them formally, researchers have developed authorization logics [5,11,13,1,2]. In logic-based access-control systems, logical proofs constructed using access-control policies serve as capabilities for accessing resources.…”

Section: Introductionmentioning

confidence: 99%

Encoding information flow in AURA

Jia

Zdancewic

2009

SIGPLAN Not.

View full text Add to dashboard Cite

Two of the main ways to protect security-sensitive resources in computer systems are to enforce access-control policies and information-flow policies. In this paper, we show how to enforce information-flow policies in AURA, which is a programming language for access control. When augmented with this mechanism for enforcing information-flow polices, AURA can further improve the security of reference monitors that implement access control.We show how to encode security types and lattices of security labels using AURA's existing constructs for authorization logic. We prove a noninterference theorem for this encoding. We also investigate how to use expressive accesscontrol policies specified in authorization logic as the policies for information declassification.

show abstract

“…We illustrate how the AC 2 framework can be used in a consultancy firm where a group of consultants produce and process confidential documents in a decentralized way. This framework was published in the International Journal of Information Security (IJIS) [2], as joint work with J. G. Cederquist, R. Corin, S. Etalle, J. I. den Hartog and G. Lenzini, and based on early versions of the AC 2 framework published in conference proceedings [1,25]. See also the acknowledgements of Chapter 2 in Section 2.8.…”

Section: Contributionsmentioning

confidence: 99%

Flexible access control for dynamic collaborative environments

Dekker¹

Self Cite

View full text Add to dashboard Cite

Access control is used in computer systems to control access to confidential data. In this thesis we develop flexible access control models for users in dynamic collaborative environments, such as hospitals, or consultancy firms.We propose Audit-based Compliance Control (AC 2 ). In AC 2 user actions are not checked immediately (a-priori), like in conventional access control, but users must account for their actions at a later time (a-posteriori), by providing machine-checkable justification proofs to one or more auditors. This allows users to exchange and access confidential data, like health records in a hospital, in an ad hoc manner. A similar design choice was made recently for the Dutch electronic health record infrastructure (AORTA).We also take a more conventional approach by proposing two extensions to Rolebased Access Control (RBAC). These extensions give users more ways of authorizing and deploying RBAC policy changes, thus favoring dynamic collaboration between users. Printed by Wöhrmann Print Service, Zutphen, The Netherlands.Cover layout and photography by Denis Guzzo (http://denis.guzzo.name).The cover shows the façade of one of the buildings of Erasmus MC, the university hospital of the city of Rotterdam. The overlay is a figure from this thesis (see page 15). FLEXIBLE ACCESS CONTROL FOR DYNAMIC COLLABORATIVE ENVIRONMENTS SummaryAccess control is used in computer systems to control access to confidential data. In this thesis we focus on access control for dynamic collaborative environments where multiple users and systems access and exchange data in an ad hoc manner. In such environments it is difficult to protect confidential data using conventional access control systems, because users act in unpredictable ways.In this thesis we propose a new access control framework, called Auditbased Compliance Control (AC 2 ). In AC 2 user actions are not checked immediately (a-priori), like in conventional access control, but users must account for their actions at a later time (a-posteriori), by providing machinecheckable justification proofs to auditors. The logical proofs are based on policies received from other users, and other logged actions. AC 2 has a rich policy language based on first-order logics, and it features an automated audit procedure. AC 2 allows users to exchange and access confidential data in an ad hoc manner, and thus collaborate more easily. Applied in a medical setting, for example, doctors would be able to continue their work, regardless of authorization issues such as missing patient consent, and missing or outdated policies. Doctors can deal with these issues at a later time. Although this unconventional approach may seem, at first sight, inappropriate for practical applications, recently a similar design choice has been made for the Dutch national infrastructure for the exchange of electronic health records (AORTA).At the same time we are aware of the fact that it is a big step for organizations to change from a conventional access control mechanism (apriori) to a new mechanism....

show abstract

An Audit Logic for Accountability

Cited by 36 publications

References 18 publications

A Formal Privacy Management Framework

A Formal Privacy Management Framework

Encoding information flow in AURA

Flexible access control for dynamic collaborative environments

Contact Info

Product

Resources

About