{"title":"从情境许可到动态预义务:一种综合方法","authors":"Yehia Elrakaiby, F. Cuppens, N. Cuppens-Boulahia","doi":"10.1109/ARES.2010.71","DOIUrl":null,"url":null,"abstract":"Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, preobligations induce interactions between the obligation and authorization policy states. This paper studies these interactionsby formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either(1) statically (an access request is denied if the pre-obligation has not been fulfilled); (2) or dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"137 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach\",\"authors\":\"Yehia Elrakaiby, F. Cuppens, N. Cuppens-Boulahia\",\"doi\":\"10.1109/ARES.2010.71\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, preobligations induce interactions between the obligation and authorization policy states. This paper studies these interactionsby formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either(1) statically (an access request is denied if the pre-obligation has not been fulfilled); (2) or dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).\",\"PeriodicalId\":360339,\"journal\":{\"name\":\"2010 International Conference on Availability, Reliability and Security\",\"volume\":\"137 \",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-03-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2010.71\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2010.71","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach
Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, preobligations induce interactions between the obligation and authorization policy states. This paper studies these interactionsby formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either(1) statically (an access request is denied if the pre-obligation has not been fulfilled); (2) or dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).