An Administrative Model for UCON
نویسندگان
چکیده
UCONABC is an emerging access control framework that lacks an administration model. In this paper we define the problem of administration and propose a novel administrative model. At the core of this model is the concept of attribute, which is also the central component of UCONABC . In our model, attributes are created by the assertions of subjects, which ascribe properties/rights to other subjects or objects. Through such a treatment of attributes, administration capabilities can be delegated from one subject to another and as a consequence UCONABC is improved in three aspects. First, immutable attributes that are currently considered as external to the model can be incorporated and thereby treated as mutable attributes. Second, the current arbitrary categorisation of users (as modifiers of attributes), to system and administrator can be removed. Attributes and objects are only modifiable by those who possess administration capability over them. Third, the delegation of administration over objects and properties that is not currently expressible in UCONABC is made possible.
منابع مشابه
A New Modeling Paradigm for Dynamic Authorization in Multi-domain Systems
The emergence of powerful, full-featured and small formfactor mobile devices enables rich services to be offered to it’s users. As the mobile user interacts with multiple administrative domains, he acquires various attributes. In such dynamic usage scenarios, attributes from one domain are interpreted and used in another domain. This motivates the need for dynamic authorization at the time of i...
متن کاملTowards an Engineering Framework for Usage Control and Digital Rights Management
The recent popularity of digital information sharing through networking requires new technologies to protect intellectual property rights or digital copyrights. The concept of digital rights management (DRM) has been introduced in this arena. DRM is largely focused on payment-based controls for digital information dissemination and its use. The principal motivation is generation and protection ...
متن کاملFormal Model and Analysis of Usage Control
FORMAL MODEL AND ANALYSIS OF USAGE CONTROL Xinwen Zhang, Ph.D. George Mason University, 2006 Dissertation Director: Ravi S. Sandhu Dissertation Co-director: Francesco Parisi-Presicce The concept of usage control (UCON) was introduced as a unified approach to capturing a number of extensions for access control models and systems. In UCON, a control decision is determined by three aspects: author...
متن کاملUsage Control Model Specification in XACML Policy Language - XACML Policy Engine of UCON
Usage control model (UCON) is one of the emerging and comprehensive attribute based access control model that has the ability of monitoring the continuous updates in a system making it better than the other models of access control. UCON is suitable for the distributed environment of grid and cloud computing platforms however the proper formulation of this model does not exist in literature in ...
متن کاملComponent Lifecycle and Concurrency Model in Usage Control (UCON) System
Access control is one of the most challenging issues facing information security. Access control is defined as, the ability to permit or deny access to a particular computational resource or digital information by an unauthorized user or subject. The concept of usage control (UCON) has been introduced as a unified approach to capture a number of extensions for access control models and systems....
متن کاملThe PEI + UCON Framework for Application Security
There is no security without application context. Only application context can make clear the tradeoffs between security, performance, usability and cost, and further the tradeoffs between conflicting security objectives such as confidentiality, integrity and availability. To capture application security policy we need a more sophisticated model than traditional access control provides. To this...
متن کامل