The correct behavior and reliable operation of an information system rely not only on what users are permitted to do, but often on what users are required to do. Such obligatory actions are integral to the security procedures of many enterprises. The management of obligations in security policies poses significant technical challenges, since obligations have quite different properties from traditional access control. For example, obligations assigned to users often cannot be enforced. Thus, even if a system's reference monitor is trusted, the failure of obligations must be considered, and appropriate remedies need to be an integral part of security policies. Also, the interaction between obligations and other components of security policies (e.g., access control) must be considered to ensure their consistency.

This project develops a comprehensive framework for the management of obligations in security policies, which covers the full life cycle of obligations, including obligation modeling, specification, analysis, monitoring and discharge. Specifically, the project formally identifies the desirable security objectives that are characteristic of systems that involve obligations, and systematically investigates dynamic and static means of maintaining these objectives while such systems evolve. Though the framework is formal in nature and is designed on purpose to be general, the evaluation of its usefulness and effectiveness is firmly grounded in real applications, in particular in the context of privacy policy enforcement in health care systems.

This project aims to establish a solid foundation for the management of obligations, and to significantly improve the understanding and practice of obligations in information systems. The societal benefit of the project also results from the development and dissemination of educational resources on new types of security policies beyond traditional access control.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0716210
Program Officer: Jeremy Epstein
Project Start:
Project End:
Budget Start: 2007-08-01
Budget End: 2012-07-31
Support Year:
Fiscal Year: 2007
Total Cost: $180,000
Indirect Cost:
Name: North Carolina State University Raleigh
Department:
Type:
DUNS #:
City: Raleigh
State: NC
Country: United States
Zip Code: 27695