Conference Paper

A general obligation model and continuity: enhanced policy enforcement engine for usage control.

DOI: 10.1145/1377836.1377856 Conference: SACMAT 2008, 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings
Source: DBLP

ABSTRACT The usage control model (UCON) has been proposed to aug- ment traditional access control models by integrating au- thorizations, obligations, and conditions and providing the properties of decision continuity and attribute mutability. Several recent work have applied UCON to support secu- rity requirements in dierent computing environments such as resource sharing in collaborative computing systems and data control in remote platforms. In this paper we iden- tify two individual but interrelated problems of the origi- nal UCON model and recent implementations: oversimpli- fying the concept of usage session of the model, and the lack of comprehensive ongoing enforcement mechanism of imple- mentations. We extend the core UCON model with con- tinuous usage sessions thus extensively augment the expres- siveness of obligations in UCON, and then propose a gen- eral, continuity-enhanced and configurable usage control en- forcement engine. Finally we explain how our approach can satisfy flexible security requirements with an implemented prototype for a healthcare information system.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Obligations are an important and indispensable part of many access control policies, such as those in DRM (Digital Rights Management) and healthcare information systems. To be able use obligations in a real-world access control system, there must exist a language for specifying obligations. However, such a language is currently lacking. XACML (eXtensible Access Control Markup Language), the current de facto standard for specifying access control policies, seems to integrate obligations as a part of it, but it treats obligations largely as black boxes, without specifying what an obligation should include and how to handle them. In this paper we examine the challenges in designing a practical approach for specifying and handling obligations, and then propose a language for specifying obligations, and an architecture for handling access control policies with these obligations, extending XACML's specification and architecture. In our design, obligations are modeled as state machines which communicate with the access control system and the outside world via events. We further implement our design into a prototype system named ExtXACML, based on SUN's XACML implementation. ExtXACML is extensible in that new obligation modules can be added into the system to handle various obligations for different applications, which shows the strong power of our design.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Enforcing the purpose of data usage means to ensure that data are used as it intends for and that excessive usage cannot happen. In general, the enforcement of purpose is a complicated task. The main difficulty is to identify the purpose of an agent when it requests to perform an action. In this paper, we discuss the design issue of usage purpose enforcement model based on our proposed enforcement structure: pre-, ongoing-, and post-enforcement. We also propose an enforcement solution for usage control designed for distributed healthcare information system, particularly, the pre-and ongoing-enforcement of purpose. Furthermore, we validate our model with a prototype developed in Java.
    International Journal of Security and Networks 08/2013; 8(2).
  • [Show abstract] [Hide abstract]
    ABSTRACT: UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.
    Proceedings of the third ACM conference on Data and application security and privacy; 02/2013

Full-text (2 Sources)

Available from
Oct 13, 2014