Toward practical authorization-dependent user obligation systems

Pontual, Murillo; Chowdhury, Omar; Winsborough, William H.; Yu, Ting; Irwin, Keith

doi:10.1145/1755688.1755711

Cited by 10 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [7] and [10], we have presented an abstract meta-model that incorporates the basic construct of an authorization system supporting obligations. However, in this section, we present an instance of the abstract meta-model that is specialized to mini-RBAC and mini-ARBAC.…”

Section: B Obligationsmentioning

confidence: 99%

“…For example, if we had two obligations, o 1 and o 2 with intervals [1,10] and [5,15] respectively, then if the planner added o 1 ≺ o 2 to the plan, translating that order back into time intervals would require that [5,10] would now need to be divided between o 1 and o 2 . Otherwise o 2 could happen at time 7 and o 1 at time 9, and the property of ≺ would not be respected and the resulting set of obligations would probably not be accountable.…”

Section: ) Timing Constraint Restrictionmentioning

confidence: 99%

“…Otherwise o 2 could happen at time 7 and o 1 at time 9, and the property of ≺ would not be respected and the resulting set of obligations would probably not be accountable. Now, if o 2 ≺ o 1 were added, both would have to be squeezed into [5,10] without overlapping each other such that o 2 would be required to happen before o 1 .…”

Section: ) Timing Constraint Restrictionmentioning

confidence: 99%

“…But, sometimes it may not be possible to convert the plan to obligations due to unawareness of the planner of how close together any two obligations are. For example, according to the planner output o 1 ≺ da 1 ≺ · · · ≺ da 100 ≺ o 2 when the time period for o 1 is [10,15] and the time period for o 2 is [16, 20]. Obviously we are not going to be able to reasonably squeeze one hundred actions into a single time click.…”

Section: ) Converting From Planner Output To Obligationsmentioning

confidence: 99%

See 3 more Smart Citations

Failure Feedback for User Obligation Systems

Pontual

Irwin

Chowdhury

et al. 2010

2010 IEEE Second International Conference on Social Computing

Self Cite

View full text Add to dashboard Cite

Abstract-In recent years, several researchers have proposed techniques for providing users with assistance in understanding and overcoming authorization denials. The incorporation of environmental factors into authorization decisions has made this particularly important and challenging. An environmental factor that has not previously been considered in this effort to provide such assistance to users arises in systems where obligations can depend on and affect authorizations. In these systems, it is desirable to ensure that users will have the authorizations they require to fulfill their obligations, and prior work has proposed denying requests to perform non-obligatory actions that would cause this property to become violated, whether the violation is a direct result of the requested action or due to obligations that would be incurred as a result of it. Because of privacy concerns, as well as the intricate interactions between actions and pending obligations, the current work focuses on helping users find means of overcoming their denials, rather than focusing on explanation of the cause for denial. We show that in general this problem is PSPACE-hard. We then develop an approach based on an AIplanning tool and evaluate its effectiveness empirically. We find that this tool can often be quite helpful in medium sized problem instances, particularly when the number of steps that must be taken to enable the desired action is relatively small.

show abstract

Section: B Obligationsmentioning

confidence: 99%

Section: ) Timing Constraint Restrictionmentioning

confidence: 99%

Section: ) Timing Constraint Restrictionmentioning

confidence: 99%

Section: ) Converting From Planner Output To Obligationsmentioning

confidence: 99%

See 2 more Smart Citations

Failure Feedback for User Obligation Systems

Pontual

Irwin

Chowdhury

et al. 2010

2010 IEEE Second International Conference on Social Computing

Self Cite

View full text Add to dashboard Cite

show abstract

Managing Obligation Delegation: Incentive Model and Experiment

Chen,

Zeng,

Vidalis

et al. 2024

Security and Privacy

View full text Add to dashboard Cite

Obligations are essential part of security policies, which specify what actions a user is obliged to perform in the future. One interesting feature of obligations is unenforceable, that is, the system cannot guarantee that each obligation will be fulfilled. Indeed, obligations go unfulfilled for a variety of reasons. For example, a user may have a family emergency that leads her having little time to discharge assigned obligations. We argue that delegation of obligations can be regarded as a means of providing opportunity for obligations to be discharged. However, this opportunity will be wasted if users who received delegation do not fulfill the obligations eventually. In this paper, we propose a mechanism that incentivizes users to accept and fulfill obligations for others by rewarding users credits. The amount of credits that can be earned depends on their trust rating, which reflects precisely how diligent of individuals in fulfilling obligations in the past. Users are motivated to raise up their trust ratings by fulfilling obligations for others, in order to earn more credits in the future. To evaluate our approach, we develop a multiple‐agent system that simulates a number of different profiles for agents and run experiments for one‐hop delegation and cascaded delegation with those agents. The experiments show a rich set of results, one of which confirms that delegation with incentives achieves the best outcome in terms of the number of obligations being fulfilled. Also, we implemented the modified ‐greedy algorithm, one of the closely related existing works, in our experimental framework and compared its performance to our approach. The results show that our approach offers greater flexibility and efficiency, as well as a higher obligation fulfillment rate.

show abstract