11 research outputs found

    Caching and Auditing in the RPPM Model

    Crampton and Sellwood recently introduced a variant of relationship-based access control based on the concepts of relationships, paths and principal matching, to which we will refer as the RPPM model. In this paper, we show that the RPPM model can be extended to provide support for caching of authorization decisions and enforcement of separation of duty policies. We show that these extensions are natural and powerful. Indeed, caching provides far greater advantages in RPPM than it does in most other access control models and we are able to support a wide range of separation of duty policies.
    Comment: Accepted for publication at STM 2014 (without proofs, which are included in this longer version).

    Towards defining semantic foundations for purpose-based privacy policies

    We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown, through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

    Log Auditing for Trust Assessment in Peer-to-Peer Collaboration

    In order to overcome the disadvantages of a central authority, a tendency is to move towards a peer-to-peer collaboration where control over data is given to users who can decide with whom they want to share their private data. In this peer-to-peer collaboration it is very difficult to ensure that after data is shared with other peers, these peers will not misbehave and violate data privacy. In this paper, we propose a mechanism that addresses the issue of data privacy violation by auditing the collaboration logs. In our approach, trust values between users are adjusted according to their previous activities on the shared data. Users share their private data by specifying some obligations the receivers are expected to follow. We log modifications done by users as well as the obligations and use a log-auditing mechanism to detect users who misbehaved. We adjust their associated trust values by using any existing decentralized trust model.

    A Contract-extended Push-Pull-Clone Model

    In the push-pull-clone collaborative editing model widely used in distributed version control systems, users replicate shared data, modify it and redistribute modified versions of this data without the need of a central authority. However, in this model no usage restriction mechanism is proposed to control what users can do with the data after it has been released to them. In this paper we extend the push-pull-clone model with contracts that express usage restrictions and that are checked a posteriori by users when they receive the modified data. We propose a merging algorithm that deals not only with modifications on data but also with contracts. A log-auditing protocol is used to detect users who do not respect contracts and to adjust user trust levels. Our proposed contract-based model has been implemented and evaluated using the PeerSim simulator.

    Relational abstraction in community-based secure collaboration

    Users of an online community are willing to share resources because they can expect reasonable behaviour from other members of the community. Such expectations are known as social contracts. In this work, we study the specification and enforcement of social contracts in a computer mediated collaboration environment. Specifically, we examine social contracts that contain both relationship- and history-based elements. A series of policy languages, all based on modal and temporal logics, with increasing expressiveness, have been proposed to express social contracts. Reference monitors are designed to correctly and efficiently enforce the specified policies. A technique called “relational abstraction” is employed to reduce the reference monitor into a purely relationship-based protection system, that is, what is commonly known as a social network system.

    A theory of agreements and protection

    In this thesis we propose a theory of contracts. Contracts are modelled as interacting processes with an explicit association of obligations and objectives. Obligations are specified using event structures. In this model we formalise two fundamental notions of contracts, namely agreement and protection. These notions arise naturally by interpreting contracts as multi-player concurrent games. A participant agrees on a contract if she has a strategy to reach her objectives (or to make another participant sanctionable for a violation), whatever the moves of her counterparts. A participant is protected by a contract when she has a strategy to defend herself in all possible contexts, even in those where she has not reached an agreement. When obligations are represented using classical event structures, we show that agreement and protection mutually exclude each other for a wide class of contracts. To reconcile agreement with protection we propose a novel formalism for modelling contractual obligations: event structures with circular causality. We study this model from a foundational perspective, and we relate it with classical event structures. Using this model, we show how to construct contracts which guarantee both agreement and protection. We relate our contract model with Propositional Contract Logic, by establishing a correspondence between provability in the logic and the notions of agreement and strategies. This is a first step towards reducing the gap between two main paradigms for modelling contracts, that is, the one which interprets them as interactive systems, and the one based on logic.