Conference Paper

A general obligation model and continuity: enhanced policy enforcement engine for usage control.

DOI: 10.1145/1377836.1377856
Conference: SACMAT 2008, 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings
Source: DBLP


The usage control model (UCON) has been proposed to augment traditional access control models by integrating authorizations, obligations, and conditions and providing the properties of decision continuity and attribute mutability. Several recent works have applied UCON to support security requirements in different computing environments such as resource sharing in collaborative computing systems and data control in remote platforms. In this paper we identify two individual but interrelated problems of the original UCON model and recent implementations: oversimplifying the concept of usage session of the model, and the lack of a comprehensive ongoing enforcement mechanism of implementations. We extend the core UCON model with continuous usage sessions, thus extensively augmenting the expressiveness of obligations in UCON, and then propose a general, continuity-enhanced and configurable usage control enforcement engine. Finally we explain how our approach can satisfy flexible security requirements with an implemented prototype for a healthcare information system.



Available from: Basel Katt, Oct 13, 2014
  • "1) Enforcement of obligation of UCON. With the increasing use of modern communication technologies in both the public and commercial sectors, adequate handling of personal data is of serious concern. This is due to the fact that data is distributed across many public and commercial databases and stored in many applications.[2] [3] [4] In order to ensure controlled usage of data, usage control in its core model introduced obligations which must be fulfilled during usage decisions in order to determine the continuity or termination of access to a digital resource, as mentioned previously."
    ABSTRACT: Computer and information technology has evaded our every aspect of life. Information technology is seen in all aspects of the individual, from banking and investing to shopping and communicating through the use of internet services such as emails and chat rooms. Organizations and industries also utilize computer and information technology to collect information on individuals, leading to the creation of warehouses of databases that enable them to achieve their objectives. In a distributed network environment today, information security is a very important issue in ensuring a safe computing environment.
    03/2013; 513-517. DOI:10.2991/iccsee.2013.68
  • ABSTRACT: This article presents a survey of authorisation models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a 'virtual organisation'. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the
