Affiliation:
1. George Mason University, Fairfax, VA
2. NSD Security and George Mason University, Fairfax, VA
Abstract
In this paper, we introduce the family of UCON_ABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage control is a generalization of access control to cover authorizations, obligations, conditions, continuity (ongoing controls), and mutability. Traditionally, access control has dealt only with authorization decisions on users' access to target resources. Obligations are requirements that have to be fulfilled by obligation subjects for allowing access. Conditions are subject and object independent environmental or system requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Although they have been discussed occasionally in recent literature, most authors have been motivated from specific target problems and thereby limited in their approaches. The UCON_ABC model integrates these diverse concepts in a unified framework. Traditional authorization decisions are generally made at the time of requests but hardly recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied. Unlike other studies that have targeted on specific problems or issues, the UCON_ABC model seeks to enrich and refine the access control discipline in its definition and scope. UCON_ABC covers traditional access controls such as mandatory, discretionary, and role-based access control. Digital rights management and other modern access controls are also covered. UCON_ABC lays the foundation for next generation access controls that are required for today's real-world information and systems security. This paper articulates the core of this new area of UCON and develops several detailed models.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
502 articles.