Towards a times-based usage control model

Authors:
Baoxian Zhao;Ravi Sandhu;Xinwen Zhang;Xiaolin Qin
Affiliations:
George Mason University, Fairfax, VA;Institute for Cyber-Security Research, Univ. of Texas at San Antonio;Samsung Information Systems America, San Jose, CA;Nanjing University of Aeronautics and Astronautics, Nanjing, China
Venue:
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Year:
2007

Citing 20
Cited 2

A temporal authorization model

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
An access control model supporting periodicity constraints and temporal reasoning

ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Maintaining knowledge about temporal intervals

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
An authorization model for temporal and derived data: securing information portals

ACM Transactions on Information and System Security (TISSEC)
A Temporal Access Control Mechanism for Database Systems

IEEE Transactions on Knowledge and Data Engineering
Role Hierarchies and Constraints for Lattice-Based Access Controls

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Access Control: The Neglected Frontier

ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
Protection

ACM SIGOPS Operating Systems Review
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control

Proceedings of the ninth ACM symposium on Access control models and technologies
A compositional framework for access control policies enforcement

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
Formal model and policy specification of usage control

ACM Transactions on Information and System Security (TISSEC)
Protection: principles and practice

AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference

Survey: Usage control in computer security: A survey

Computer Science Review
Implementing erasure policies using taint analysis

NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modern information systems require temporal and privilege-consuming usage of digital objects. To meet these requirements, we present a new access control model-Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control models with times-based usage control by defining the maximum times that a privilege can be exercised. When the usage times of a privilege is consumed to zero or the time interval of the usage is expired, the privilege exercised on the object is automatically revoked by the system. Formal definitions of TUCON actions and rules are presented in this paper, and the implementation of TUCON is discussed.