ABSTRACT
Usage Control (UCON) Models, similar to Access Control Models, control and govern the users' access to resources and services that are available in the system. One of the major improvements of UCON over traditional access control models is the continuity of the control and the concept of attribute mutability. In this paper we provide an alternative formalisation of the UCON model that relaxes many of the assumptions made in earlier formalisations of the model. We question the enforceability of UCON policies as described by previous formalisations and improve on it.