{"id":"https://openalex.org/W2148787155","doi":"https://doi.org/10.1145/2523514.2523526","title":"Obligations to enforce prohibitions","display_name":"Obligations to enforce prohibitions","publication_year":2013,"publication_date":"2013-11-26","ids":{"openalex":"https://openalex.org/W2148787155","doi":"https://doi.org/10.1145/2523514.2523526","mag":"2148787155"},"language":"en","primary_location":{"id":"doi:10.1145/2523514.2523526","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523514.2523526","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th International Conference on Security of Information and Networks","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083595076","display_name":"Wolter Pieters","orcid":"https://orcid.org/0000-0003-3985-4452"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]},{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Wolter Pieters","raw_affiliation_strings":["Delft University of Technology &amp; University of Twente, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology &amp; University of Twente, The Netherlands","institution_ids":["https://openalex.org/I98358874","https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005596564","display_name":"Juli\u00e1n Padget","orcid":"https://orcid.org/0000-0003-1314-2094"},"institutions":[{"id":"https://openalex.org/I51601045","display_name":"University of Bath","ror":"https://ror.org/002h8g185","country_code":"GB","type":"education","lineage":["https://openalex.org/I51601045"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Julian Padget","raw_affiliation_strings":["University of Bath, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Bath, United Kingdom","institution_ids":["https://openalex.org/I51601045"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035508729","display_name":"Francien Dechesne","orcid":"https://orcid.org/0000-0002-3511-9103"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Francien Dechesne","raw_affiliation_strings":["Delft University of Technology, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050532928","display_name":"Virginia Dignum","orcid":"https://orcid.org/0000-0001-7409-5813"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Virginia Dignum","raw_affiliation_strings":["Delft University of Technology, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050622410","display_name":"Huib Aldewereld","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Huib Aldewereld","raw_affiliation_strings":["Delft University of Technology, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.058,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.93192347,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"54","last_page":"61"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11010","display_name":"Logic, Reasoning, and Knowledge","score":0.9900000095367432,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8328728675842285},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.8159228563308716},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6651604175567627},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6447060108184814},{"id":"https://openalex.org/keywords/productivity","display_name":"Productivity","score":0.5019288063049316},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4984893798828125},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.4187558889389038},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.38827595114707947},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3534068465232849},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.08337563276290894}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8328728675842285},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.8159228563308716},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6651604175567627},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6447060108184814},{"id":"https://openalex.org/C204983608","wikidata":"https://www.wikidata.org/wiki/Q2111958","display_name":"Productivity","level":2,"score":0.5019288063049316},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4984893798828125},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.4187558889389038},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.38827595114707947},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3534068465232849},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.08337563276290894},{"id":"https://openalex.org/C139719470","wikidata":"https://www.wikidata.org/wiki/Q39680","display_name":"Macroeconomics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1145/2523514.2523526","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523514.2523526","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th International Conference on Security of Information and Networks","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire_cris_publications/a51154ea-6214-4138-a77e-ffdecd6e035d","is_oa":false,"landing_page_url":"https://research.utwente.nl/en/publications/a51154ea-6214-4138-a77e-ffdecd6e035d","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Pieters, W, Padget, J, Dechesne, F, Dignum, V & Aldewereld, H 2013, Obligations to enforce prohibitions: on the adequacy of security policies. in SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks. Proceeding, Association for Computing Machinery, New York, pp. 54-61. https://doi.org/10.1145/2523514.2523526","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:opus.bath.ac.uk:38713","is_oa":false,"landing_page_url":"http://opus.bath.ac.uk/38713/10/SecurityPolicyAlDeDiPaPi_camera_ready.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306401631","display_name":"The University of Bath Online Publications Store (The University of Bath)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I51601045","host_organization_name":"University of Bath","host_organization_lineage":["https://openalex.org/I51601045"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Items"},{"id":"pmh:oai:purehost.bath.ac.uk:publications/a184597c-0a1d-4fbe-b890-0bcfab047881","is_oa":false,"landing_page_url":"https://researchportal.bath.ac.uk/en/publications/a184597c-0a1d-4fbe-b890-0bcfab047881","pdf_url":null,"source":{"id":"https://openalex.org/S4377196294","display_name":"Pure (University of Bath)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I51601045","host_organization_name":"University of Bath","host_organization_lineage":["https://openalex.org/I51601045"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:ris.utwente.nl:publications/a51154ea-6214-4138-a77e-ffdecd6e035d","is_oa":false,"landing_page_url":"http://eprints.eemcs.utwente.nl/secure2/24433/01/TREsPASS.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:tudelft.nl:uuid:ac539eb7-7415-4670-bf53-7dad084363d3","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:ac539eb7-7415-4670-bf53-7dad084363d3","pdf_url":null,"source":{"id":"https://openalex.org/S4306400906","display_name":"Research Repository (Delft University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.5}],"awards":[{"id":"https://openalex.org/G5588376086","display_name":null,"funder_award_id":"SEC-261696 (SESAME), ICT-318003 (TREsPASS)","funder_id":"https://openalex.org/F4320334960","funder_display_name":"Seventh Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320334960","display_name":"Seventh Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W47047907","https://openalex.org/W1481572045","https://openalex.org/W1496815121","https://openalex.org/W1511843655","https://openalex.org/W1525770870","https://openalex.org/W1577672332","https://openalex.org/W1582237078","https://openalex.org/W1606891084","https://openalex.org/W1607886930","https://openalex.org/W1937655324","https://openalex.org/W1976129032","https://openalex.org/W2020686903","https://openalex.org/W2039430275","https://openalex.org/W2041656516","https://openalex.org/W2080885751","https://openalex.org/W2103546069","https://openalex.org/W2107013517","https://openalex.org/W2126020100","https://openalex.org/W2127839201","https://openalex.org/W2128443304","https://openalex.org/W2138337462","https://openalex.org/W2146024157","https://openalex.org/W2165065735","https://openalex.org/W2481772677","https://openalex.org/W2899987233","https://openalex.org/W3202619697","https://openalex.org/W4388218763","https://openalex.org/W6640506068","https://openalex.org/W6684262457"],"related_works":["https://openalex.org/W2964604098","https://openalex.org/W2997512100","https://openalex.org/W2072806201","https://openalex.org/W2024218563","https://openalex.org/W1517743118","https://openalex.org/W2331043530","https://openalex.org/W2529069893","https://openalex.org/W2575817271","https://openalex.org/W2117798902","https://openalex.org/W2127568484"],"abstract_inverted_index":{"Security":[0],"policies":[1,42,134],"in":[2,31,41,77,131],"organisations":[3,130],"typically":[4],"take":[5],"the":[6,11,19,32,36,58,67,79,114,123],"form":[7],"of":[8,21,35,60,82,122],"obligations":[9,23,81],"for":[10],"employees.":[12],"However,":[13],"it":[14],"is":[15],"often":[16],"unclear":[17],"what":[18],"purpose":[20],"such":[22,109],"is,":[24],"and":[25,101,106,111],"how":[26,113],"these":[27],"can":[28,39,116,128],"be":[29,45,117],"integrated":[30],"operational":[33],"processes":[34],"organisation.":[37],"This":[38],"result":[40],"that":[43,65,89],"may":[44],"either":[46],"too":[47,50],"strong":[48],"or":[49,57],"weak,":[51],"leading":[52],"to":[53,63,87,104,119],"unnecessary":[54],"productivity":[55],"loss,":[56],"possibility":[59],"becoming":[61],"victim":[62],"attacks":[64],"exploit":[66],"weaknesses,":[68],"respectively.":[69],"In":[70],"this":[71],"paper,":[72],"we":[73],"propose":[74],"a":[75],"framework":[76,115,127],"which":[78],"security":[80,133],"employees":[83],"are":[84],"linked":[85],"directly":[86],"prohibitions":[88],"prevent":[90],"external":[91],"agents":[92],"(attackers)":[93],"from":[94],"reaching":[95],"their":[96,136],"goals.":[97],"We":[98],"use":[99],"graph-based":[100],"logic-based":[102],"approaches":[103],"formalise":[105],"reason":[107],"about":[108],"policies,":[110],"show":[112],"used":[118],"verify":[120],"correctness":[121],"associated":[124],"refinements.":[125],"The":[126],"assist":[129],"aligning":[132],"with":[135],"threat":[137],"model.":[138]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2014,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2016-06-24T00:00:00"}