Security Enforcement Model for Distributed Usage Control

  • Authors:

  • Xinwen Zhang;Jean-Pierre Seifert;Ravi Sandhu

  • Affiliations:

  • -;-;-

  • Venue:
  • SUTC '08 Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Recently proposed usage control concept and models extend traditional access control models with features for contemporary distributed computing systems, including continuous access control in dynamic computing environments where subject attributes and system states can be changed. Particularly, this is very useful in specifying security requirements to control the usage of an object after it is released into a distributed environment, which is regarded as one of the fundamental security issues in many distributed systems. However, the enabling technology for usage control is a challenging problem and the space has not been fully explored yet. In this paper we identify the general requirements of a trusted usage control enforcement in heterogeneous computing environments, and then propose a general platform architecture and enforcement mechanism by following these requirements. According to our usage control requirements, we augment the traditional SELinux MAC enforcement mechanism by considering subject/object integrity and environmental information. The result shows that our framework is effective in practice and can be seen as a general solution for usage control in distributed and pervasive computing environments with widely deployed trusted computing technologies on various computing devices.