Conference Paper

A general obligation model and continuity: enhanced policy enforcement engine for usage control.

DOI: 10.1145/1377836.1377856 Conference: SACMAT 2008, 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings
Source: DBLP

ABSTRACT The usage control model (UCON) has been proposed to aug- ment traditional access control models by integrating au- thorizations, obligations, and conditions and providing the properties of decision continuity and attribute mutability. Several recent work have applied UCON to support secu- rity requirements in dierent computing environments such as resource sharing in collaborative computing systems and data control in remote platforms. In this paper we iden- tify two individual but interrelated problems of the origi- nal UCON model and recent implementations: oversimpli- fying the concept of usage session of the model, and the lack of comprehensive ongoing enforcement mechanism of imple- mentations. We extend the core UCON model with con- tinuous usage sessions thus extensively augment the expres- siveness of obligations in UCON, and then propose a gen- eral, continuity-enhanced and configurable usage control en- forcement engine. Finally we explain how our approach can satisfy flexible security requirements with an implemented prototype for a healthcare information system.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking---that has been designed and used to track the existence of copies of data on single clients---to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize "transfer of data" to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.
    Proceedings of the third ACM conference on Data and application security and privacy; 02/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.
    Proceedings of the third ACM conference on Data and application security and privacy; 02/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Enforcing the purpose of data usage means to ensure that data are used as it intends for and that excessive usage cannot happen. In general, the enforcement of purpose is a complicated task. The main difficulty is to identify the purpose of an agent when it requests to perform an action. In this paper, we discuss the design issue of usage purpose enforcement model based on our proposed enforcement structure: pre-, ongoing-, and post-enforcement. We also propose an enforcement solution for usage control designed for distributed healthcare information system, particularly, the pre-and ongoing-enforcement of purpose. Furthermore, we validate our model with a prototype developed in Java.
    International Journal of Security and Networks 08/2013; 8(2).


Available from