Towards usage control models: beyond traditional access control
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Using Authority Certificates to Create Management Structures
Revised Papers from the 9th International Workshop on Security Protocols
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Distributed credential chain discovery in trust management
Journal of Computer Security
Originator Control in Usage Control
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
A usage-based authorization framework for collaborative computing systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Decentralized authorization in a database system
VLDB '79 Proceedings of the fifth international conference on Very Large Data Bases - Volume 5
Research on Usage Control Model with Delegation Characteristics Based on OM-AM Methodology
NPC '07 Proceedings of the 2007 IFIP International Conference on Network and Parallel Computing Workshops
The Research and Application of Resource Dissemination Based on Credibility and UCON
CIS '07 Proceedings of the 2007 International Conference on Computational Intelligence and Security
Controllable Delegation Model Based on Usage and Trustworthiness
KAM '08 Proceedings of the 2008 International Symposium on Knowledge Acquisition and Modeling
A new approach for delegation in usage control
Proceedings of the third ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
UCONABC is an emerging access control framework that lacks an administration model. In this paper we define the problem of administration and propose a novel administrative model. At the core of this model is the concept of attribute, which is also the central component of UCONABC. In our model, attributes are created by the assertions of subjects, which ascribe properties/rights to other subjects or objects. Through such a treatment of attributes, administration capabilities can be delegated from one subject to another and as a consequence UCONABC is improved in three aspects. First, immutable attributes that are currently considered as external to the model can be incorporated and thereby treated as mutable attributes. Second, the current arbitrary categorisation of users (as modifiers of attributes), to system and administrator can be removed. Attributes and objects are only modifiable by those who possess administration capability over them. Third, the delegation of administration over objects and properties that is not currently expressible in UCONABC is made possible.