The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Efficient Computation of LALR(1) Look-Ahead Sets
ACM Transactions on Programming Languages and Systems (TOPLAS)
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Authorization in Distributed Systems: A Formal Approach
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
Modular authorization and administration
ACM Transactions on Information and System Security (TISSEC)
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
Towards a VMM-based usage control framework for OS kernel integrity protection
Proceedings of the 12th ACM symposium on Access control models and technologies
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Security Enforcement Model for Distributed Usage Control
SUTC '08 Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
Access control: principle and practice
IEEE Communications Magazine
A policy language for distributed usage control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Distributed goal-oriented computing
Journal of Systems and Software
Hi-index | 0.00 |
Operating systems traditionally use access control mechanisms to manage access to system resources like files, network connections, and memory areas. However, classic access control models are not suitable for regulating access to the diversity of ways data is available and used today. Modern usage control models go beyond traditional access control, addressing its limitations related to attribute mutability and continuous usage permission validation. The recently proposed UCON"A"B"C model establishes a predicate-based framework to satisfy the new access/usage control needs in computing systems. This paper defines a usage control model based on UCON"A"B"C and describes a framework to implement it in an operating system kernel, on top of the existing DAC mechanism. A language for representing usage control entities and rules is also proposed, and some typical access/usage control scenarios are represented using it, to show its usefulness. Finally, a prototype of the proposed framework was built in an operating system kernel, to control the usage of local files. The prototype evaluation shows that the proposed model is feasible, straightforward, and may serve as a basis for more complex usage control frameworks.