Usage control in computer security: A survey

Protecting access to digital resources is one of the fundamental problems recognized in the computer security. It yet remains a challenging problem to work out starting from the design of a system till its implementation. Access control is defined as the ability to permit or deny to access a particular resource (object) to a particular entity (subject). Three most widely used traditional access control models are: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). Traditional access control solutions do not respond adequately to new challenges addressed by modern computer systems. Today highly-distributed, network-connected, heterogeneous and open computing environment requires a fine-grained, flexible, persistent and continuous model for protecting the access and usage of digital resources. This paper surveys the literature on Usage Control (UCON) model proposed by R. Sandhu and J. Park [1, 2, 3]. Usage control is the novel and promising approach for access control in open, distributed, heterogeneous and network-connected computer environments. It encompasses and enhances traditional access control models, Trust Management (TM) and Digital Rights Management (DRM), and its main novelties are mutability of attributes and continuity of access decisions evaluation.