{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T07:40:10Z","timestamp":1772264410558,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,2,18]],"date-time":"2020-02-18T00:00:00Z","timestamp":1581984000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,2,18]]},"DOI":"10.1145\/3384544.3384585","type":"proceedings-article","created":{"date-parts":[[2020,5,4]],"date-time":"2020-05-04T03:58:24Z","timestamp":1588564704000},"page":"331-338","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["PoCo"],"prefix":"10.1145","author":[{"given":"Danielle","family":"Ferguson","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]},{"given":"Yan","family":"Albright","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]},{"given":"Daniel","family":"Lomsak","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]},{"given":"Tyler","family":"Hanks","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]},{"given":"Kevin","family":"Orr","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]},{"given":"Jay","family":"Ligatti","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida"}]}],"member":"320","published-online":{"date-parts":[[2020,4,17]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(13)70045-9"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1977.229904"},{"key":"e_1_3_2_1_3_1","first-page":"77","volume-title":"Computer and Communications Security","author":"Xu C.","year":"2012","unstructured":"C. Xu and P. W. Fong, \"The specification and compilation of obligation policies for program monitoring,\" in Proceedings of the ACM Symposium on Information, Computer and Communications Security, pp. 77--78, ACM, 2012."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1525880.1525882"},{"key":"e_1_3_2_1_5_1","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Ribeiro C.","year":"2001","unstructured":"C. Ribeiro, A. Z\u00faquete, P. Ferreira, and P. Guedes, \"SPL: An access control language for security policies with complex constraints,\" in NDSS, pp. 89--107, Network and Distributed System Security Symposium (NDSS), 2001."},{"key":"e_1_3_2_1_6_1","volume-title":"Ponder: A language for specifying security and management policies for distributed systems,\" tech. rep","author":"Damianou N.","year":"2000","unstructured":"N. Damianou, N. Dulay, E. Lupu, and M. Sloman, \"Ponder: A language for specifying security and management policies for distributed systems,\" tech. rep., Imperial College. UK, Research Report Department of Computing, 2000."},{"key":"e_1_3_2_1_7_1","volume-title":"ACM","author":"Park J.","year":"2002","unstructured":"J. Park and R. Sandhu, \"Towards usage control models: beyond traditional access control,\" in Proceedings of the ACM symposium on Access control models and technologies, pp. 57--64, ACM, 2002."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_3_2_1_9_1","first-page":"502","volume-title":"Provisions and obligations in policy management and security applications,\" in Proceedings of the International Conference on Very Large Data Bases","author":"Bettini C.","year":"2002","unstructured":"C. Bettini, S. Jajodia, S. Wang, and D. Wijesekera, \"Provisions and obligations in policy management and security applications,\" in Proceedings of the International Conference on Very Large Data Bases, pp. 502--513, Elsevier, 2002."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_11_1","volume-title":"Oasis extensible access control markup language (xacml).\" http:\/\/www.oasis-open.org\/committees\/tc_home.phpl","author":"Bill Parducci H. L.","year":"2012","unstructured":"H. L. Bill Parducci and R. Levinson, \"Oasis extensible access control markup language (xacml).\" http:\/\/www.oasis-open.org\/committees\/tc_home.phpl, 2012."},{"key":"e_1_3_2_1_12_1","first-page":"87","volume-title":"Overriding of Access Control in XACML,\" in Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","author":"Alqatawna J.","year":"2007","unstructured":"J. Alqatawna, E. Rissanen, and B. Sadighi, \"Overriding of Access Control in XACML,\" in Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), pp. 87--95, IEEE, 2007."},{"key":"e_1_3_2_1_13_1","first-page":"1","volume-title":"MCG '06","author":"Chadwick D. W.","unstructured":"D. W. Chadwick, L. Su, and R. Laborde, \"Providing secure coordinated access to grid services,\" in Proceedings of the 4th International Workshop on Middleware for Grid Computing, MCG '06, (New York, NY, USA), pp. 1-, ACM, 2006."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542229"},{"key":"e_1_3_2_1_15_1","volume-title":"IEEE","author":"Lischka M.","year":"2010","unstructured":"M. Lischka, \"Dynamic obligation specification and negotiation,\" in 2010 IEEE Network Operations and Management Symposium-NOMS 2010, pp. 155--162, IEEE, 2010."},{"key":"e_1_3_2_1_16_1","volume-title":"ACM","author":"Li N.","year":"2012","unstructured":"N. Li, H. Chen, and E. Bertino, \"On practical specification and enforcement of obligations,\" in Proceedings of the ACM conference on Data and Application Security and Privacy, pp. 71--82, ACM, 2012."},{"key":"e_1_3_2_1_17_1","first-page":"330","volume-title":"Ponder2: A Policy System for Autonomous Pervasive Environments,\" in International Conference on Autonomic and Autonomous Systems","author":"Twidle K.","year":"2009","unstructured":"K. Twidle, N. Dulay, E. Lupu, and M. Sloman, \"Ponder2: A Policy System for Autonomous Pervasive Environments,\" in International Conference on Autonomic and Autonomous Systems, pp. 330--335, IEEE, 2009."},{"key":"e_1_3_2_1_18_1","first-page":"172","volume-title":"Enforcing obligation with security monitors,\" in International Conference on Information and Communications Security","author":"Ribeiro C.","year":"2001","unstructured":"C. Ribeiro, A. Zuquete, and P. Ferreira, \"Enforcing obligation with security monitors,\" in International Conference on Information and Communications Security, pp. 172--176, Springer, 2001."},{"key":"e_1_3_2_1_19_1","first-page":"203","volume-title":"Obligation policies: An enforcement platform,\" in Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)","author":"Gama P.","year":"2005","unstructured":"P. Gama and P. Ferreira,\"Obligation policies: An enforcement platform,\" in Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05), pp. 203--212, IEEE, 2005."},{"key":"e_1_3_2_1_20_1","first-page":"63","volume-title":"IEEE 4th International Workshop on Policies for Distributed Systems and Networks","author":"Kagal L.","year":"2003","unstructured":"L. Kagal, T. Finin, and A. Joshi, \"A policy language for a pervasive computing environment,\" in Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp. 63--74, IEEE, 2003."},{"key":"e_1_3_2_1_21_1","volume-title":"ACM","author":"Irwin K.","year":"2006","unstructured":"K. Irwin, T. Yu, and W. H. Winsborough, \"On the modeling and analysis of obligations,\" in Proceedings of the 13th ACM conference on Computer and communications security, pp. 134--143, ACM, 2006."},{"key":"e_1_3_2_1_22_1","unstructured":"OASIS \"eXtensible Access Control Markup Language (XACML) Version 3.0.\" http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html 2013. Accessed: 2017-04-22."},{"key":"e_1_3_2_1_23_1","volume-title":"Composition of atomic obligation security policies.\" http:\/\/www.cse.usf.edu\/ligatti\/papers\/PoCoTR.pdf","author":"Ferguson D.","year":"2019","unstructured":"D. Ferguson, Y. Albright, D. Lomsak, T. Hanks, K. Orr, and J. Ligatti, \"Composition of atomic obligation security policies.\" http:\/\/www.cse.usf.edu\/ligatti\/papers\/PoCoTR.pdf, 2019."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1006\/inco.1994.1093"},{"key":"e_1_3_2_1_25_1","first-page":"87","volume-title":"ESORICS","author":"Ligatti J.","year":"2010","unstructured":"J. Ligatti and S. Reddy, \"A theory of runtime enforcement, with results,\" in Proceedings of the 15th European conference on Research in computer security, ESORICS, pp. 87--100, Springer, 2010."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.19.292"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301314"},{"key":"e_1_3_2_1_28_1","unstructured":"Y. Albright \"PoCo source code.\" https:\/\/github.com\/caoyan66\/PoCo-PolicyComposition\/ 2018."},{"key":"e_1_3_2_1_29_1","unstructured":"AspectJ \"The Aspectj & Project.\" https:\/\/www.eclipse.org\/aspectj 2017. Accessed: 2017-04-12."},{"key":"e_1_3_2_1_30_1","first-page":"265","article-title":"LoPSiL: A location-based policy-specification language","author":"Ligatti J.","year":"2009","unstructured":"J. Ligatti, B. Rickey, and N. Saigal, \"LoPSiL: A location-based policy-specification language,\" Security and Privacy in Mobile Information and Communication Systems, pp. 265--277, 2009.","journal-title":"Security and Privacy in Mobile Information and Communication Systems"},{"key":"e_1_3_2_1_31_1","volume-title":"A Java email client","author":"Petersen A.","year":"2003","unstructured":"A. Petersen, \"Pooka: A Java email client, 2003.\" http:\/\/www.suberic.net\/pooka\/, 2013. Accessed: 2018-01-12."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/353323.353382"}],"event":{"name":"ICSCA 2020: 2020 9th International Conference on Software and Computer Applications","location":"Langkawi Malaysia","acronym":"ICSCA 2020"},"container-title":["Proceedings of the 2020 9th International Conference on Software and Computer Applications"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3384544.3384585","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3384544.3384585","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:19:18Z","timestamp":1755839958000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3384544.3384585"}},"subtitle":["A Language for Specifying Obligation-Based Policy Compositions"],"short-title":[],"issued":{"date-parts":[[2020,2,18]]},"references-count":32,"alternative-id":["10.1145\/3384544.3384585","10.1145\/3384544"],"URL":"https:\/\/doi.org\/10.1145\/3384544.3384585","relation":{},"subject":[],"published":{"date-parts":[[2020,2,18]]},"assertion":[{"value":"2020-04-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}