CSC News
Yu Receives NSF Award to Study Management of Obligations in Security Policies
Dr. Ting Yu has been awarded $180,000 by the National Science Foundation to fund his research proposal titled “CT-ISG: Collaborative Research: A Framework for the Modeling and Management of Obligations in Security Policies.”
The award will run from August 1, 2007 through July 31, 2010.
Research Abstract - The correct behavior and reliable operation of an information system relies not only on what users are permitted to do, but oftentimes on what users are required to do. Such obligatory actions are integral to the security procedures of many enterprises. The management of obligations in security policies imposes significant technical challenges since obligations bear quite different properties from traditional access control.
In this project, we propose to develop a comprehensive framework for the management of obligations in security policies, which covers the full life cycle of obligations, including obligation modeling, specification, analysis, monitoring and discharges. Though the framework is formal in nature, and is designed on purpose to be general, the evaluation of its usefulness and effectiveness is firmly grounded on real applications, in particular, in the context of cross-domain data sharing systems and privacy policy enforcement systems.
The award will run from August 1, 2007 through July 31, 2010.
Research Abstract - The correct behavior and reliable operation of an information system relies not only on what users are permitted to do, but oftentimes on what users are required to do. Such obligatory actions are integral to the security procedures of many enterprises. The management of obligations in security policies imposes significant technical challenges since obligations bear quite different properties from traditional access control.
In this project, we propose to develop a comprehensive framework for the management of obligations in security policies, which covers the full life cycle of obligations, including obligation modeling, specification, analysis, monitoring and discharges. Though the framework is formal in nature, and is designed on purpose to be general, the evaluation of its usefulness and effectiveness is firmly grounded on real applications, in particular, in the context of cross-domain data sharing systems and privacy policy enforcement systems.
Return To News Homepage