Authors: P. Ghann, J. Shiguang, C. Zhou

Abstract:

Access control is one of the most challenging issues facing information security. Access control is defined as, the ability to permit or deny access to a particular computational resource or digital information by an unauthorized user or subject. The concept of usage control (UCON) has been introduced as a unified approach to capture a number of extensions for access control models and systems. In UCON, an access decision is determined by three factors: authorizations, obligations and conditions. Attribute mutability and decision continuity are two distinct characteristics introduced by UCON for the first time. An observation of UCON components indicates that, the components are predefined and static. In this paper, we propose a new and flexible model of usage control for the creation and elimination of some of these components; for example new objects, subjects, attributes and integrate these with the original UCON model. We also propose a model for concurrent usage scenarios in UCON.

Keywords: Access Control, Concurrency, Digital container, Usage control.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1096685

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1806

References:

[1] Alnemr R, Koenig S, Eymann T, Meinel C, (2010). Enabling usage control through reputation objects: A discussion on e-commerce and the Internet of services environments. Journal of theoretical and applied electronic commerce research 5(2): 59-76.
[2] Lazouski A, Martinelli F, Mori P, (2010). Usage control in computer security: A survey. Computer Science Review, 4(2): 81-99.
[3] Basin D, Harvan M, Klaedtke F, Zalinescu E, (2011). Monitoring usage-control policiesin distributed systems. In: IEEE Eighteenth International Symposium on Temporal Representation and Reasoning (TIME), p. 88-95.
[4] Zhao B, Sandhu R, Zhang X, Qin X, (2007). Towards a times-based usage control model. In: Data and Applications Security XXI, Springer Berlin Heidelberg. p. 227-242.
[5] Maler, E, (2010). Controlling Data Usage with User-Managed Access (UMA). In: W3C Privacy and Data Usage Control Workshop, Cambridge
[6] Sastry M, Krishnan R, (2007), A new modeling paradigm for dynamic authorization in multi-domain systems. In: Computer Network Security; Springer Berlin Heidelberg, p. 153-158.
[7] Katt B, Zhang X, Breu R, Hafner M, Seifert JP, (2008). A general obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of the 13th ACM symposium on Access control models and technologies; New York, NY, USA: ACM; 2008. p. 123-132.
[8] Basin D., Harvan M., Klaedtke F and Zălinescu E, (2012). MONPOLY: Monitoring usage-control policies. In: Runtime Verification, Springer Berlin Heidelberg, 360-364.
[9] Wu J, Shimamoto S, (2010). Usage control based security access scheme for wireless sensor networks. In: 2010 IEEE International Conference on Communications (ICC), p. 1-5.
[10] Zhang X, (2006). Formal model and analysis of usage control. Ph.D. Thesis, George Mason University, Fairfax, VA, USA.
[11] Boyapati C., Lee R., and Rinard M, (2002). Ownership types for safe programming: Preventing data races and deadlocks. OOPSLA.
[12] Boyland J, (2003). Checking interference with fractional permissions. In R. Cousot, editor, Static Analysis: 10th International Symposium, volume 2694 of Lecture Notes in Computer Science, pages 55–72, Berlin, Heidelberg, New York, Springer.
[13] Dijkstra E. W, (1971) Hierarchical ordering of sequential processes. Acta Informatica, 1 2:115–138
[14] Dijkstra E. W, (1968) Cooperating sequential processes. In F. Genuys, editor, Programming Languages, pages 43–112. Academic Press.
[15] Hansen P. B; 1972; Structured multiprogramming. Comm. ACM, 15(7): 574–578
[16] Hoare C. A. R, (1972) Towards a theory of parallel programming. In Hoare and Perrot, editors, Operating Systems Techniques. Academic.
[17] O’Hearn P. W. and Pym D. J (1999) The logic of bunched implications. Bulletin of Symbolic Logic, 5(2): 215–244.
[18] Owicki S. and Gries D, (1976). Verifying properties of parallel programs: An axiomatic approach. Comm. ACM, 19(5): 279–285, 1976.
[19] Andrews G (1991); Concurrent programming: principles and practice. Benjamin/Cummings
[20] Reynolds, J. C. (2005). Toward a grainless semantics for shared-variable concurrency. In FSTTCS 2004: Foundations of Software Technology and Theoretical Computer Science (pp. 35-48). Springer Berlin Heidelberg
[21] Gotsman A.,Yang, H, (2011). Liveness-preserving atomicity abstraction. InAutomata, Languages and Programming (pp. 453-465). Springer Berlin Heidelberg.
[22] Chen, J. K., Huang, Y. F., Chin, Y. H, (1997). A study of concurrent operations on R-trees. Information Sciences, 98(1), 263-300.
[23] O’Hearn P.W, (2007). Resources, concurrency, and local reasoning. Theoretical computer science, 375(1): 271-307.
[24] Brookes S. D, (2005). A semantics for concurrent separation logic. Theoretical Computer Science, this Volume. Preliminary version appeared in Proceedings of the 15th CONCUR (2004), LNCS 3170, pp16-34.
[25] Sen K, (2008). Race directed random testing of concurrent programs. In: ACM SIGPLAN Notices 43(6): 11-21.
[26] Lu S, Tucek J, Qin F, Zhou Y, (2006). AVIO: detecting atomicity violations via access interleaving invariants. In: ACM SIGARCH Computer Architecture News, p. 37-48.
[27] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2009). Application specific usage control implementation verification. International Journal of Network Security and Its Applications, 1(3):116-128.
[28] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2010). Concurrent Usage Control Implementation Verification Using the SPIN Model Checke