A new approach for delegation in usage control

UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.
