The term usage control (UCON) is a generalization of access control to cover obligations, conditions, continuity (ongoing controls) and mutability. Traditionally, access control has dealt only with authorization decisions on a subject's access to target resources. Obligations are requirements that have to be fulfilled by the subject before access is allowed. Conditions are subject- and object-independent environmental requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on the usage of digital resources. Traditional authorization decisions are generally made at the time of request but typically do not recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues, which deal with updates to related subject or object attributes as a consequence of access, have not been systematically studied. In this paper we motivate the need for usage control, define a family of ABC models as a core model for usage control, and show how it encompasses traditional access control, such as mandatory, discretionary and role-based access control, as well as more recent requirements such as trust management and digital rights management. In addition, we discuss architectures that introduce a new reference monitor for usage control, and some variations on them.
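As an added illustration (not code from the paper), the following toy Python evaluator sketches how the ABC decision factors combine: request-time checks of authorization, obligation and condition, a pre-update of a mutable subject attribute, ongoing re-evaluation during a long-lived access with revocation when a condition stops holding, and a post-update of an object attribute. All attribute names (clearance, credits, licence_accepted, business_hours, max_ticks, usage_count) are assumptions made up for the example.

```python
"""Toy UCON_ABC-style evaluator: constructed illustration, not code from the paper."""


def pre_decision(subject, obj, env):
    """Decision factors checked at request time (pre-authorization, pre-obligation,
    pre-condition). Attribute names are assumptions for this example."""
    if subject["clearance"] < obj["classification"]:   # authorization (A)
        return "denied: authorization"
    if not subject.get("licence_accepted"):             # obligation (B)
        return "denied: obligation not fulfilled"
    if not env.get("business_hours"):                   # condition (C)
        return "denied: condition not satisfied"
    if subject["credits"] <= 0:                         # attribute-based authorization
        return "denied: no credits"
    subject["credits"] -= 1                             # pre-update (mutability)
    return "granted"


def ongoing_decision(obj, env, ticks_used):
    """Re-evaluated while access is in progress (ongoing authorization and
    ongoing condition). Returning False means the access is revoked."""
    return bool(env.get("business_hours")) and ticks_used < obj["max_ticks"]


def run_session(subject, obj, env, env_changes):
    """Grant access, then simulate a long-lived use over a sequence of
    environment snapshots; revoke as soon as an ongoing check fails."""
    verdict = pre_decision(subject, obj, env)
    if verdict != "granted":
        return verdict, 0
    ticks = 0
    for change in env_changes:
        env.update(change)                              # environment evolves during use
        if not ongoing_decision(obj, env, ticks):
            obj["usage_count"] += ticks                 # post-update (mutability)
            return "revoked", ticks
        ticks += 1
    obj["usage_count"] += ticks                         # post-update on normal end
    return "completed", ticks


if __name__ == "__main__":
    alice = {"clearance": 2, "licence_accepted": True, "credits": 1}
    doc = {"classification": 1, "max_ticks": 5, "usage_count": 0}
    # Constructed run: business hours end on the third tick, so access is revoked.
    print(run_session(alice, doc, {"business_hours": True},
                      [{}, {}, {"business_hours": False}]))   # ('revoked', 2)
```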