Audit-based compliance control

J.G. Cederquist; R.J. Corin; M.A.C. Dekker; S. Etalle; J.I. Hartog, den; G. Lenzini

doi:10.1007/s10207-007-0017-y

Audit-based compliance control

J.G. Cederquist, R.J. Corin, M.A.C. Dekker, S. Etalle, J.I. Hartog, den, G. Lenzini

Research output: Contribution to journal › Article › Academic › peer-review

50 Citations (Scopus)

1 Downloads (Pure)

Abstract

In this paper we introduce a new framework for controlling compliance to discretionary access control policies [Cederquist et al. in Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), 2005; Corin et al. in Proceedings of the IFIP Workshop on Formal Aspects in Security and Trust (FAST), 2004]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach for controlling the compliance to policies.

Original language	English
Pages (from-to)	133-151
Journal	International Journal of Information Security
Volume	6
Issue number	2-3
DOIs	https://doi.org/10.1007/s10207-007-0017-y
Publication status	Published - 2007

Access to Document

10.1007/s10207-007-0017-y

Fingerprint Dive into the research topics of 'Audit-based compliance control'. Together they form a unique fingerprint.

Cite this

@article{88a01e25f63a45329c3cf18c96d6ba8e,

title = "Audit-based compliance control",

abstract = "In this paper we introduce a new framework for controlling compliance to discretionary access control policies [Cederquist et al. in Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), 2005; Corin et al. in Proceedings of the IFIP Workshop on Formal Aspects in Security and Trust (FAST), 2004]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach for controlling the compliance to policies.",

author = "J.G. Cederquist and R.J. Corin and M.A.C. Dekker and S. Etalle and {Hartog, den}, J.I. and G. Lenzini",

year = "2007",

doi = "10.1007/s10207-007-0017-y",

language = "English",

volume = "6",

pages = "133--151",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer",

number = "2-3",

}

TY - JOUR

T1 - Audit-based compliance control

AU - Cederquist, J.G.

AU - Corin, R.J.

AU - Dekker, M.A.C.

AU - Etalle, S.

AU - Hartog, den, J.I.

AU - Lenzini, G.

PY - 2007

Y1 - 2007

N2 - In this paper we introduce a new framework for controlling compliance to discretionary access control policies [Cederquist et al. in Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), 2005; Corin et al. in Proceedings of the IFIP Workshop on Formal Aspects in Security and Trust (FAST), 2004]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach for controlling the compliance to policies.

AB - In this paper we introduce a new framework for controlling compliance to discretionary access control policies [Cederquist et al. in Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), 2005; Corin et al. in Proceedings of the IFIP Workshop on Formal Aspects in Security and Trust (FAST), 2004]. The framework consists of a simple policy language, modeling ownership of data and administrative policies. Users can create documents, and authorize others to process the documents. To control compliance to the document policies, we define a formal audit procedure by which users may be audited and asked to justify that an action was in compliance with a policy. In this paper we focus on the implementation of our framework. We present a formal proof system, which was only informally described in earlier work. We derive an important tractability result (a cut-elimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach for controlling the compliance to policies.

U2 - 10.1007/s10207-007-0017-y

DO - 10.1007/s10207-007-0017-y

M3 - Article

VL - 6

SP - 133

EP - 151

JO - International Journal of Information Security

JF - International Journal of Information Security

SN - 1615-5262

IS - 2-3

ER -