Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the availability of services in many applications often further imposes obligation requirements, which specify what actions have to be taken by a subject in the future as a condition of getting certain privileges at present. However, it is not clear yet what the implications of obligation policies are concerning the security goals of a system.In this paper, we propose a formal metamodel that captures the key aspects of a system that are relevant to obligation management. We formally investigate the interpretation of security policies from the perspective of obligations, and define secure system states based on the concept of accountability. We also study the complexity of checking a state's accountability under different assumptions about a system.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	R. J. Anderson, A security policy model for clinical information systems, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.30, May 06-08, 1996
	2	Elisa Bertino , Elena Ferrari , Francesco Buccafurri , Pasquale Rullo, A Logical Framework for Reasoning on Data Access Control Policies, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.175, June 28-30, 1999
	3	Elisa Bertino , Silvana Castano , Elena Ferrari, On specifying security policies for web documents with an XML-based language, Proceedings of the sixth ACM symposium on Access control models and technologies, p.57-65, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373264]
	4	C. Bettini, S. Jajodia, X. S. Wang, and D. Wijesekera. Provisions and obligations in policy management and security applications. In VLDB, Hong Kong, China, Aug. 2002.
	5	C. Bettini , S. Jajodia , X. Wang , D. Wijesekera, Obligation Monitoring in Policy Management, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.2, June 05-07, 2002
	6	Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and Obligations in Policy Rule Management, Journal of Network and Systems Management, v.11 n.3, p.351-372, September 2003  [doi>10.1023/A:1025711105609]
	7	Matt Blaze , Joan Feigenbaum , Martin Strauss, Compliance Checking in the PolicyMaker Trust Management System, Proceedings of the Second International Conference on Financial Cryptography, p.254-274, February 23-25, 1998
	8	C. Bussler , S. Jablonski, Policy resolution for workflow management systems, Proceedings of the 28th Hawaii International Conference on System Sciences, p.831, January 04-07, 1995
	9	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	10	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	11	A Framework for Contractual Resource Sharing in Coalitions, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'04), p.117, June 07-09, 2004
	12	Pedro Gama , Paulo Ferreira, Obligation Policies: An Enforcement Platform, Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05), p.203-212, June 06-08, 2005  [doi>10.1109/POLICY.2005.18]
	13	Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976  [doi>10.1145/320473.320482]
	14	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976  [doi>10.1145/360303.360333]
	15	IBM. Enterprise Privacy Authorization Language (EPAL 1.1) Specification. http://www.zurich.ibm.com/security/enterprise-privacy/epal/.
	16	K. Irwin, T. Yu, and W. Winsborough. On the modeling and analysis of obligations. Technical Report NCSU CS TR 2006-26, North Carolina State University, 2006. ftp://ftp.ncsu.edu/pub/unity/lockers/ftp/csc_anon/tech/2006/TR-2006-26.%.pdf.
	17	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	18	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	19	Lalana Kagal , Tim Finin , Anupam Joshi, A Policy Language for a Pervasive Computing Environment, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.63, June 04-06, 2003
	20	H. Kamoda, M. Yamaoka, S. Matsuda, K. Broda, and M. Sloman. Policy conflict analysis using free variable tableaux for access control in web services environments. In Policy Management for the Web Workshop, Chiba, Japan, May 2005.
	21	Michiharu Kudo , Satoshi Hada, XML document security based on provisional authorization, Proceedings of the 7th ACM conference on Computer and communications security, p.87-96, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352613]
	22	Ninghui Li , William H. Winsborough , John C. Mitchell, Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.123, May 11-14, 2003
	23	T. Ryutov and C. Neuman. Representation and evaluation of security policies for distributed system services. In Proc. DARPA Information Survivability Conference and Exposition, January 2000.
	24	M. Sailer and M. Morciniec. Monitoring and execution for contract compliance. Technical Report TR 2001-261, HP Labs, 2001.
	25	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
	26	Ravinderpal Singh Sandhu, The schematic protection model: its definition and analysis for acyclic attenuating schemes, Journal of the ACM (JACM), v.35 n.2, p.404-432, April 1988  [doi>10.1145/42282.42286]
	27	Emin Gün Sirer , Ke Wang, An access control language for web services, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507715]
	28	X. TC. Oasis extensible access control markup language (xacml). http://www.oasis-open.org/committees/xacml/.
	29	A. Uszok , J. Bradshaw , R. Jeffers , N. Suri , P. Hayes , M. Breedy , L. Bunch , M. Johnson , S. Kulkarni , J. Lott, KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.93, June 04-06, 2003
	30	OASIS eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xacml/, 2005.