A Posteriori Compliance Control

Sandro Etalle; William H. Winsborough

doi:10.1145/1266840.1266843

A Posteriori Compliance Control

Sandro Etalle, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

47 Citations (Scopus)

351 Downloads (Pure)

Abstract

While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with respect to the policies they can enforce or incapable of continuing to enforce policies on data objects as they move from one system to another. In this paper we propose an approach to enforcing policies not by preventing unauthorized use, but rather by deterring it. We believe this approach is complementary to preventative policy enforcement. We call our approach APPLE for A-Posteriori PoLicy Enforcement. We introduce APPLE Core, a logical framework for using logs to verify that actions taken by the system were authorized. A trust management system is used to ensure that data objects are provided only to users operating on auditable systems who are subject to penalty should they be found in violation. This combination of audit and accountability provides a deterrence that strongly encourages trustworthy behavior, thereby allowing a high level of assurance of end-to-end policy enforcement.

Original language	Undefined
Title of host publication	12th ACM Symposium on Access Control Models and Technologies (SACMAT)
Place of Publication	New York
Publisher	ACM Press
Pages	11-20
Number of pages	10
ISBN (Print)	978-1-59593-745-2
DOIs	https://doi.org/10.1145/1266840.1266843
Publication status	Published - Jun 2007
Event	12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007 - Nice, France Duration: 20 Jun 2007 → 22 Jun 2007

Publication series

Name
Publisher	ACM Press
Number	2

Conference

Conference	12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007
Period	20/06/07 → 22/06/07
Other	20-22 June 2007

Keywords

CR-D.4.6
SCS-Cybersecurity
EWI-9652
IR-67058
METIS-241576

Access to Document

10.1145/1266840.1266843

http://doi.acm.org/10.1145/1266840.1266843

Cite this

@inproceedings{264a38daefd04dca9574ba847459a1f1,

title = "A Posteriori Compliance Control",

abstract = "While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with respect to the policies they can enforce or incapable of continuing to enforce policies on data objects as they move from one system to another. In this paper we propose an approach to enforcing policies not by preventing unauthorized use, but rather by deterring it. We believe this approach is complementary to preventative policy enforcement. We call our approach APPLE for A-Posteriori PoLicy Enforcement. We introduce APPLE Core, a logical framework for using logs to verify that actions taken by the system were authorized. A trust management system is used to ensure that data objects are provided only to users operating on auditable systems who are subject to penalty should they be found in violation. This combination of audit and accountability provides a deterrence that strongly encourages trustworthy behavior, thereby allowing a high level of assurance of end-to-end policy enforcement.",

keywords = "CR-D.4.6, SCS-Cybersecurity, EWI-9652, IR-67058, METIS-241576",

author = "Sandro Etalle and Winsborough, {William H.}",

note = "10.1145/1266840.1266843 ; 12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007 ; Conference date: 20-06-2007 Through 22-06-2007",

year = "2007",

month = jun,

doi = "10.1145/1266840.1266843",

language = "Undefined",

isbn = "978-1-59593-745-2",

publisher = "ACM Press",

number = "2",

pages = "11--20",

booktitle = "12th ACM Symposium on Access Control Models and Technologies (SACMAT)",

}

TY - GEN

T1 - A Posteriori Compliance Control

AU - Etalle, Sandro

AU - Winsborough, William H.

N1 - 10.1145/1266840.1266843

PY - 2007/6

Y1 - 2007/6

N2 - While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with respect to the policies they can enforce or incapable of continuing to enforce policies on data objects as they move from one system to another. In this paper we propose an approach to enforcing policies not by preventing unauthorized use, but rather by deterring it. We believe this approach is complementary to preventative policy enforcement. We call our approach APPLE for A-Posteriori PoLicy Enforcement. We introduce APPLE Core, a logical framework for using logs to verify that actions taken by the system were authorized. A trust management system is used to ensure that data objects are provided only to users operating on auditable systems who are subject to penalty should they be found in violation. This combination of audit and accountability provides a deterrence that strongly encourages trustworthy behavior, thereby allowing a high level of assurance of end-to-end policy enforcement.

AB - While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with respect to the policies they can enforce or incapable of continuing to enforce policies on data objects as they move from one system to another. In this paper we propose an approach to enforcing policies not by preventing unauthorized use, but rather by deterring it. We believe this approach is complementary to preventative policy enforcement. We call our approach APPLE for A-Posteriori PoLicy Enforcement. We introduce APPLE Core, a logical framework for using logs to verify that actions taken by the system were authorized. A trust management system is used to ensure that data objects are provided only to users operating on auditable systems who are subject to penalty should they be found in violation. This combination of audit and accountability provides a deterrence that strongly encourages trustworthy behavior, thereby allowing a high level of assurance of end-to-end policy enforcement.

KW - CR-D.4.6

KW - SCS-Cybersecurity

KW - EWI-9652

KW - IR-67058

KW - METIS-241576

U2 - 10.1145/1266840.1266843

DO - 10.1145/1266840.1266843

M3 - Conference contribution

SN - 978-1-59593-745-2

SP - 11

EP - 20

BT - 12th ACM Symposium on Access Control Models and Technologies (SACMAT)

PB - ACM Press

CY - New York

T2 - 12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007

Y2 - 20 June 2007 through 22 June 2007

ER -