The acquisition of information prior to sale gives rise to a hold-up situation quite naturally. Yet, while the bulk of the literature on the hold-up problem considers negotiations under symmetric information where cooperative short-cuts such as split the di¤erence capture the outcome of bargaining, in the present setting, parties negotiate under asymmetric information where the outcome must be ...

Originator Control is an access control policy that requires recipients to gain originator’s approval for redissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial Digita...

Abstract: Situations can arise in which organizations have to merge policies that are based on different access control frameworks, such as Role Based Access Control (RBAC) and Mandatory Access Control (MAC). Integrating policies requires addressing the following question: How will the integration impact access to protected resources? In particular, one needs to determine that the integration d...

Our role-based/mandatory access control (RBAC/MAC) security model and enforcement framework for inter-operating legacy, COTS, GOTS, databases, servers, etc., limits: who (user/user role) can invoke which methods (based on value and MAC level) of artifact APIs at what times, and who (user) can delegate which responsibility (user role) at what times. In this chapter, we focus on assurance for the...

The regulation of telecommunications, railroads, and other network industries has been based on mandatory unbundling and facilities sharing – entrants have the option to lease part or all of incumbents’ facilities if and when they desire, at rates determined by regulators. This flexibility is of great value to entrants, but because investments are largely irreversible, it is costly to supply by...

This paper presents a theory of runtime enforcement based on mechanism models called MRAs (Mandatory Results Automata). MRAs can monitor and transform security-relevant actions and their results. Because previous work could not model monitors transforming results, MRAs capture realistic behaviors outside the scope of previous models. MRAs also have a simple but realistic operational semantics t...

In a court-mandated, child-focused class for divorcing parents, parental mastery of skills taught were evaluated both immediately after the class and 6 months later Parents perceived the classes 10 be realistic and uspful. Skills were effectively learned and were maintained over the evaluation period. Parents reported that they were successful in dramatically lowering exposure of their children...

Existing ERM/DRM systems and more generally usage control systems aim to control who accesses data and the usage data is subject to even after the data has been disseminated to recipients. However, once the data has been used, no control or protection is applied to the information created as result of the usage. We propose a solution to derive protection requirements for derived data that makes...

This paper describes a tool which composes a policy for a fine-grained mandatory access control system (DTE) from a set of mostly independent policy modules. For a large system with many services, a DTE policy becomes unwieldy. However, many system services and security extensions can be considered to be largely standalone. By providing for explicit grouping, namespaces, and globbing by namespa...

Mandatory access control has traditionally been employed as a robust security mechanism in critical environments like military ones. As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Aggregating mandatory models with context-awareness would provide us with essential means to define dynamic policies needed ...