Formal specification and management of security policies with collective group obligations

Obligations are an essential element of security policies since they enable the specification of many security requirements such as availability, privacy, usage control and data protection. In everyday life, the fulfillment of obligations is often the responsibility of more than one subject, e.g., "All patients must be checked by one of the doctors". Obligations may also be fulfilled in different ways, e.g., "Every customer should pay either in cash or by check". Current security policy languages do not enable the specification of these intuitive and much needed requirements. In this paper, we show how policy languages can be extended to support the specification of these requirements which we call group obligations. To clarify the semantics of group obligations, we introduce state-based models for both group and individual obligations and show how group obligations can be managed according to change in the state of individual obligations. We formalize the semantics of the model and interactions between individual and group obligations by introducing a policy-enforcement language LE. LE enables the formal description of the application domain and the policy and provides operational semantics for policy management. Moreover, we discuss termination and determinism of policy enforcement in the proposed framework and show how different sanction/reaction policies may be activated when group obligations are violated.