Towards a Usage Control Policy Specification with Petri Nets

Authors:
Basel Katt;Xinwen Zhang;Michael Hafner
Affiliations:
University of Innsbruck, Austria;Samsung Information Systems America, San Jose, USA;University of Innsbruck, Austria
Venue:
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Year:
2009

Citing 7
Cited 2

The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Formal model and policy specification of usage control

ACM Transactions on Information and System Security (TISSEC)
A note on the formalisation of UCON

Proceedings of the 12th ACM symposium on Access control models and technologies
A general obligation model and continuity: enhanced policy enforcement engine for usage control

Proceedings of the 13th ACM symposium on Access control models and technologies
Usage Control Enforcement: Present and Future

IEEE Security and Privacy
Concurrent Enforcement of Usage Control Policies

POLICY '08 Proceedings of the 2008 IEEE Workshop on Policies for Distributed Systems and Networks
A policy language for distributed usage control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Modeling TCG-Based secure systems with colored petri nets

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Automatic information flow analysis of business process models

BPM'12 Proceedings of the 10th international conference on Business Process Management

Quantified Score

Hi-index	0.01

Visualization

Abstract

Access control aims at restricting access to resources instantly. However, in collaborative computing environments with shared resources and distributed right management systems more advanced controlling mechanisms are required. For example, the control of the usage of a resource may need to be continuous, obligations is required, and concurrency is an important aspect when different users use a shared resource. To overcome these shortcomings of traditional access control, usage control has been proposed and investigated recently. In this paper we introduce a new usage control policy specification. Beyond existing approaches, the novelty of our policy is threefold: first, the ability to integrate the functional and security aspects of the system, thus lending support to control system behavior continuously. Second, post obligation is supported in a way that a violation of any rule during the current usage session, or after it ends, can affect the decisions of future usages. Finally, concurrency rules are embodied in the policy model, thus concurrent usages by different users to shared resources are controlled.