Skip to main content
SpringerLink
Log in
Book cover

OTM Confederated International Conferences "On the Move to Meaningful Internet Systems"

OTM 2014: On the Move to Meaningful Internet Systems: OTM 2014 Workshops pp 108–116Cite as

Obligation Based Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8842))

Abstract

Access control systems can be categorized in two classes: stateless or stateful. While stateless access control systems consider only current state of the system for access decision, stateful access control integrates past and current state of the system. The state of the system can change depending on the way how resources were used. We also observe that stateful access control systems strongly rely on centralised state monitoring infrastructure. In the context of distributed systems, state monitoring is very difficult to achieve, both for security and technical reasons. In this paper, we propose to use obligation execution proof to evaluate current distributed system state. Data usage conditions are defined as obligations expressing the actions that must be executed before or after granted access. In this paper, we aim at fostering distributed access control enforcement relying on certified obligations.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Trabelsi, S., Sendor, J., Reinicke, S.: PPL: PrimeLife Privacy Policy Engine. POLICY (2011)

    Google Scholar 

  2. Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: An extended role-based access control model for delegating obligations. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 127–137. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  3. Ni, Q., Bertino, E., Lobo, J.: An Obligation Model Bridging Access Control Policies and Privacy Policies. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT 2008 (2008)

    Google Scholar 

  4. Chen, L., Cramptony, J., Kollingbaum, M.J., Norman, T.J.: Obligations in Risk-Aware Access Control. In: Proceedings of the 13th ACM Symposium on Access control Models and Technologies, SACMAT (2008), Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust, PST 2012 (2012)

    Google Scholar 

  5. Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and Obligations in Policy Management and Security Applications. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT 2008 (2008), Proceedings of the 28th International Conference on Very Large Data Bases, VLDB 2002 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SAP Product Security Research, Mougins, France

    Laurent Gomez & Slim Trabelsi

Authors
  1. Laurent Gomez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Slim Trabelsi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TU Graz, Rechbauerstraße 12, 8010, Graz, Austria

    Robert Meersman

  2. CRAN, University of Lorraine, Campus Sciences, BP 70239, 54506, Vandoevre-les-Nancy, France

    Hervé Panetto

  3. Department of Software Engineering, Atilim Univeristy, Kızılcaşar Mh Mh, 06830, Ankara, Turkey

    Alok Mishra

  4. Facultad de Informática, Universidad de Murcia, Campus de Espinardo, 30100, Murcia, Spain

    Rafael Valencia-García

  5. Dep. of Informatics Engineering, University of Porto, Rua Dr. Roberto Frias, 4200-465, Porto, Portugal

    António Lucas Soares

  6. SIGMA / LIG, Joseph Fourier University, 220 Rue de la Chimie, BP 53, 38041, Grenoble Cedex 9, France

    Ioana Ciuciu

  7. Institute for Research on Population and Social, National Research Council, Policies, Via Palestro 32, 00185, Rome, Italy

    Fernando Ferri

  8. Dep. Business Informatics, Communications Engineering, Johannes Kepler University, Freistaedterstrasse 315, 4040, Linz, Austria

    Georg Weichhart

  9. STINA Business Solutions GmbH, Schottenfeldgasse 63/2, 1070, Wien, Austria

    Thomas Moser

  10. SAP Research, 805 avenue du Dr Donat, 06259, Sophia-Antipolis, Mougins, France

    Michele Bezzi

  11. Department of Computing, Hong Kong Polytechnic University, PQ806, Mong Man Wai Building, Hong Kong,, China

    Henry Chan

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gomez, L., Trabelsi, S. (2014). Obligation Based Access Control. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2014 Workshops. OTM 2014. Lecture Notes in Computer Science, vol 8842. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45550-0_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-45550-0_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45549-4

  • Online ISBN: 978-3-662-45550-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation