The UCONABC usage control model

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

The UCON_ABC usage control model

Full text

Pdf (519 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 7 , Issue 1 (February 2004) table of contents

Pages: 128 - 174

Year of Publication: 2004

ISSN:1094-9224

Authors

Jaehong Park	George Mason University, Fairfax, VA
Ravi Sandhu	NSD Security and George Mason University, Fairfax, VA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 40, Downloads (12 Months): 305, Citation Count: 42

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/984334.984339 What is a DOI?

ABSTRACT

In this paper, we introduce the family of UCON_ABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage control is a generalization of access control to cover authorizations, obligations, conditions, continuity (ongoing controls), and mutability. Traditionally, access control has dealt only with authorization decisions on users' access to target resources. Obligations are requirements that have to be fulfilled by obligation subjects for allowing access. Conditions are subject and object independent environmental or system requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Although they have been discussed occasionally in recent literature, most authors have been motivated from specific target problems and thereby limited in their approaches. The UCON_ABC model integrates these diverse concepts in a unified framework. Traditional authorization decisions are generally made at the time of requests but hardly recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied.Unlike other studies that have targeted on specific problems or issues, the UCON_ABC model seeks to enrich and refine the access control discipline in its definition and scope. UCON_ABC covers traditional access controls such as mandatory, discretionary, and role-based access control. Digital rights management and other modern access controls are also covered. UCON_ABC lays the foundation for next generation access controls that are required for today's real-world information and systems security. This paper articulates the core of this new area of UCON and develops several detailed models.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	2	Anderson, R. 2002. TCPA/palladium frequently asked questions. Available at http://www.cl.cam.ac.uk/˜rja14/tcpa-faq.html.
	3	W. A. Arbaugh , D. J. Farber , J. M. Smith, A secure and reliable bootstrap architecture, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.65, May 04-07, 1997
	4	D. B. Baker , R. M. Barnhart , T. T. Buss, PCASSO: applying and extending state-of-the-art security in the healthcare domain, Proceedings of the 13th Annual Computer Security Applications Conference, p.251, December 08-12, 1997
	5	Bell, D. and LaPadula, L. 1973. Secure computer systems: Mathematical foundations and model. MITRE Report, MTR 2547, v2, November.
	6	C. Bettini , S. Jajodia , X. Wang , D. Wijesekera, Obligation Monitoring in Policy Management, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.2, June 05-07, 2002
	7	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	8	ContentGuard. 2002. XrML: Extensible rights Markup Language Core 2.1 Specification. Available at http://www.xrml.org.
	9	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	10	Godik, S. and Moses, T. 2002. OASIS eXtensible Access Control Markup Language (XACML) Specification 1.0. Available at http://www.oasis-open.org/committees/xacml/docs/.
	11	Gligor, V., Gavrila, S., and Ferraiolo, D. 1998. On the formal definition of separation-of-duty policies and their composition. 19th IEEE Computer Society Symposium on Research in Security and Privacy.
	12	C. Gunter , S. Weeks , A. Wright, Models and Languages for Digital Rights, Proceedings of the 34th Annual Hawaii International Conference on System Sciences ( HICSS-34)-Volume 9, p.9076, January 03-06, 2001
	13	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976 [doi>10.1145/360303.360333]
	14	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	15	HHS. 2002. Standards for Privacy of Individually Identifiable Health Information. Available at http://www.hhs.gov/ocr/hipaa/finalreg.html.
	16	Iannella, R. 2002. Open Digital Rights Language V1.1. Available at http://odrl.net.
	17	Jajodia, S., Kudo, M., and Subrahmanian, V. S. 2001. Provisional authorizations. In E-Commerce Security and Privacy, Anup Gosh (Ed.) Kluwer Academic Press, Boston, MA.
	18	Kaplan, M. 1996. IBM Cryptolopes, Superdistribution and Digital Right Management. Available at http://www.research.ibm.com/people/k/kaplan.
	19	Michiharu Kudo , Satoshi Hada, XML document security based on provisional authorization, Proceedings of the 7th ACM conference on Computer and communications security, p.87-96, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352613]
	20	Landwehr, C. 1997. Protection (Security) Models and Policy The Computer Science and Engineering Handbook. CRC Press, Boco Raton, FL, 1914--1928.
	21	Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974 [doi>10.1145/775265.775268]
	22	LaMacchia, B. 2002. Key challenges in DRM: An industry perspective. Proceedings of the 2nd ACM DRM Workshop (in conjunction with ACM CCS Conference) November.
	23	MIT 2001. Ten emerging technologies that will change the world. MIT Technology Review (Jan/Feb).
	24	P3P 2002. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. Available at http://www.w3.org/P3P/.
	25	Jaehong Park , Ravi Sandhu, Towards usage control models: beyond traditional access control, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507722]
	26	William Rosenblatt , Stephen Mooney , William Trippe, Digital Rights Management: Business and Technology, John Wiley & Sons, Inc., New York, NY, 2001
	27	Tatyana Ryutov , B. Clifford Neuman, The Set and Function Approach to Modeling Authorization in Distributed Systems, Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security, p.189-206, May 21-23, 2001
	28	T. Ryutov , C. Neuman, The Specification and Enforcement of Advanced Security Policies, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.128, June 05-07, 2002
	29	Sandhu, R. 1988. Transaction control expressions for separation of duties. In Proceedings of the Fourth Computer Security Applications Conference, 282--286.
	30	Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993 [doi>10.1109/2.241422]
	31	Ravi Sandhu, Engineering authority and trust in cyberspace: the OM-AM and RBAC way, Proceedings of the fifth ACM workshop on Role-based access control, p.111-119, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344309]
	32	Sandhu, R. and Samarati, P. 1994. Access control: Principles and practice. IEEE Communication Magazine (Sept.), 40--48.
	33	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	34	A. Schaad , J. Moffett, Delegation of Obligations, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.25, June 05-07, 2002
	35	Schneck, P. 1999. Persistent access control to prevent piracy of digital information. Proceedings of the IEEE 87, 7 (July).
	36	Sibert et al. 1995. The DigiBox: A self-protecting container for information commerce. Proceedings of USENIX Workshop on Electronic Commerce.
	37	Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997
	38	TCPA. 2002. Trusted Computing Paltform Alliance, Main Specification V1.1b. Available at http://www.trustedcomputing.org/docs.
	39	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	40	Xin Wang , Guillermo Lao , Thomas DeMartini , Hari Reddy , Mai Nguyen , Edgar Valenzuela, XrML -- eXtensible rights Markup Language, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA [doi>10.1145/764792.764803]
	41	Stephen Weeks, Understanding Trust Management Systems, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.94, May 14-16, 2001
	42	Winsborough, W., Seamons, K., and Jones, V. 2000. Automated trust negotiation. Proceedings of the DARPA Information Survivability Conference and Exposition.
	43	Zhang, X. 2004. Personal communication.

CITED BY 42

	Xinwen Zhang , Jaehong Park , Francesco Parisi-Presicce , Ravi Sandhu, A logical specification for usage control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Radha Jagadeesan , Will Marrero , Corin Pitcher , Vijay Saraswat, Timed constraint programming: a declarative approach to usage control, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.164-175, July 11-13, 2005, Lisbon, Portugal
	Xinwen Zhang , Yingjiu Li , Divya Nalla, An attribute-based access matrix model, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Xinwen Zhang , Francesco Parisi-Presicce , Ravi Sandhu , Jaehong Park, Formal model and policy specification of usage control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.351-387, November 2005
	Alexander Pretschner , Manuel Hilty , David Basin, Distributed usage control, Communications of the ACM, v.49 n.9, September 2006
	Bhavani Thuraisingham , Gal Lavee , Elisa Bertino , Jianping Fan , Latifur Khan, Access control, confidentiality and privacy for video surveillance databases, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Zude Li , Xiaojun Ye, Towards a dynamic multi-policy dissemination control model: (DMDCON), ACM SIGMOD Record, v.35 n.1, p.33-38, March 2006
	Bhavani Thuraisingham , Murat Kantarcioglu , Srinivasan Iyer, Extended RBAC-based design and implementation for a secure data warehouse, International Journal of Business Intelligence and Data Mining, v.2 n.4, p.367-382, December 2007
	Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.391-420, November 2006
	Konstantin (Kosta) Beznosov, Flooding and recycling authorizations, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Xinwen Zhang , Masayuki Nakae , Michael J. Covington , Ravi Sandhu, A usage-based authorization framework for collaborative computing systems, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Ravi Sandhu , Kumar Ranganathan , Xinwen Zhang, Secure information sharing enabled by Trusted Computing and PEI models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Xinwen Zhang , Ravi Sandhu , Francesco Parisi-Presicce, Safety analysis of usage control authorization models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Stefan Sackmann , Jens Strüker , Rafael Accorsi, Personalization in privacy-aware highly dynamic systems, Communications of the ACM, v.49 n.9, September 2006
	Steve Barker, Action-status access control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Basel Katt , Xinwen Zhang , Ruth Breu , Michael Hafner , Jean-Pierre Seifert, A general obligation model and continuity: enhanced policy enforcement engine for usage control, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Min Xu , Xuxian Jiang , Ravi Sandhu , Xinwen Zhang, Towards a VMM-based usage control framework for OS kernel integrity protection, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Wolfgang Maass , Wernher Behrendt , Aldo Gangemi, Trading digital information goods based on semantic technologies, Journal of Theoretical and Applied Electronic Commerce Research, v.2 n.3, p.18-35, December 2007
	Alvaro Arenas , Benjamin Aziz , Juan Bicarregui , Brian Matthews, Managing Conflicts of Interest in Virtual Organisations, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.2, p.45-56, February, 2008
	Masoom Alam , Jean-Pierre Seifert , Qi Li , Xinwen Zhang, Usage control platformization via trustworthy SELinux, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Devdatta Kulkarni , Anand Tripathi, Context-aware role-based access control in pervasive computing systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Gilles Goncalves , Aneta Poniszewska-Maranda, Role engineering: From design to evolution of security schemes, Journal of Systems and Software, v.81 n.8, p.1306-1326, August, 2008
	Julien Brunel , Frédéric Cuppens , Nora Cuppens , Thierry Sans , Jean-Paul Bodeveix, Security policy compliance with violation management, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.31-40, November 02-02, 2007, Fairfax, Virginia, USA
	Xinwen Zhang , Masayuki Nakae , Michael J. Covington , Ravi Sandhu, Toward a Usage-Based Security Framework for Collaborative Computing Systems, ACM Transactions on Information and System Security (TISSEC), v.11 n.1, p.1-36, February 2008
	Agreiter Berthold , Muhammad Alam , Ruth Breu , Michael Hafner , Alexander Pretschner , Jean-Pierre Seifert , Xinwen Zhang, A technical architecture for enforcing usage control requirements in service-oriented architectures, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
	A. Pretschner , M. Hilty , D. Basin , C. Schaefer , T. Walter, Mechanisms for usage control, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Karl Krukow , Mogens Nielsen , Vladimiro Sassone, A logical framework for history-based access control and reputation systems, Journal of Computer Security, v.16 n.1, p.63-101, January 2008
	Paolo Guarda , Nicola Zannone, Towards the development of privacy-aware systems, Information and Software Technology, v.51 n.2, p.337-350, February, 2009
	Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
	Srijith K. Nair , Andrew S. Tanenbaum , Gabriela Gheorghe , Bruno Crispo, Enforcing DRM policies across applications, Proceedings of the 8th ACM workshop on Digital rights management, October 27-27, 2008, Alexandria, Virginia, USA
	Wei She , Bhavani Thuraisingham, Security for Enterprise Resource Planning Systems, Information Systems Security, v.16 n.3, p.152-163, May 2007
	Eduardo B. Fernandez , Günther Pernul, Patterns for session-based access control, Proceedings of the 2006 conference on Pattern languages of programs, October 21-23, 2006, Portland, Oregon
	Matthew Burnside , Angelos D. Keromytis, Asynchronous policy evaluation and enforcement, Proceedings of the 2nd ACM workshop on Computer security architectures, October 31-31, 2008, Alexandria, Virginia, USA
	Pramod Arvind Jamkhedkar , Gregory L. Heileman, A formal conceptual model for rights, Proceedings of the 8th ACM workshop on Digital rights management, October 27-27, 2008, Alexandria, Virginia, USA
	Leon Pan , Chang N. Zhang, A criterion-based multilayer access control approach for multimedia applications and the implementation considerations, ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP), v.5 n.2, p.1-29, November 2008
	Alban Gabillon , Patrick Capolsini, DRM policies for web map service, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
	E. Barka , A. Lakas, Integrating usage control with SIP-based communications, Journal of Computer Systems, Networks, and Communications, 2008, p.1-8, January 2008
	Junzhou Luo , Xudong Ni , Jianming Yong, A trust degree based access control in grid environments, Information Sciences: an International Journal, v.179 n.15, p.2618-2628, July, 2009
	Vikhyath Rao , Trent Jaeger, Dynamic mandatory access control for multiple stakeholders, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Benjamin Aziz , Simon N. Foley , John Herbert , Garret Swart, Configuring storage-area networks using mandatory security, Journal of Computer Security, v.17 n.2, p.191-210, April 2009
	Li Yang , Alma Cemerlic, Integrating Dirichlet reputation into usage control, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, April 13-15, 2009, Oak Ridge, Tennessee
	Michael Stieghahn , Thomas Engel, Law-aware access control for international financial environments, Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access, June 29-29, 2009, Providence, Rhode Island