Usage control: a unified framework for next generation access control

  • Authors:
  • Jaehong Park; Ravi S. Sandhu

  • Venue:
  • Usage control: a unified framework for next generation access control
  • Year:
  • 2003

Abstract

In this dissertation I develop the concept of Usage Control (UCON) that encompasses traditional access control, trust management, and digital rights management and goes beyond them in its definition and scope. While usage control concepts have been mentioned off and on in the security literature for some time, there has been no clear definition nor systematic treatment. By unifying these diverse disciplines in a single framework, UCON offers a promising approach for the next generation of access control. Traditional access control has focused on a closed system where all users are known and primarily utilizes a server-side reference monitor within the system. Trust management has been introduced to cover authorization for strangers in an open environment such as the Internet. Digital rights management has mainly dealt with client-side control of digital information usage, focusing on intellectual property rights protection. Each of these areas is motivated by its own specific target problem. Innovations in information technology and business models are creating new security and privacy issues which require elements of all three areas. To deal with these in a systematic unified manner I propose the new concept of usage control or UCON. By including obligations, conditions, ongoing controls, and mutability as well as authorizations, and by relaxing closed system limits, usage control lays the foundation for the next generation access control that is required for today's highly distributed and network-connected digital environment. UCON enables finer-grained control over usage of digital resources than that of traditional access control policies and models; for example, print once as opposed to unlimited printing. Unlike traditional access control or trust management, it covers both a centrally controllable environment and one where central control authority is not available.
In this dissertation, I develop a unified framework for usage control mainly focusing on models and architectures. A family of ABC models is developed as a core model for usage control. ABC models integrate obligations, conditions as well as authorizations for usage decision making. They also cover continuity and mutability issues which have not been discussed clearly nor comprehensively in previous studies. By covering continuity and mutability properties, ABC provides finer and richer control capabilities. I further develop security architectures for usage control that utilize a client-side reference monitor (CRM) which is an important concept that enables client-side usage control. As part of usage control applications, UCON management and originator control policies in UCON are discussed based on UCON models and architectures. I also present some potential approaches that can provide valuable directions for future extensions.
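The following is an added illustration, not code from the dissertation, of how the ABC components the abstract names (authorizations, obligations, conditions, continuity and mutability) combine in a "print once" usage decision. The attribute names, the licence obligation and the region/online environment checks are constructed assumptions for the toy policy.

```python
# Toy UCON-style usage decision for a "print once" policy (added example).
# Authorizations, obligations and conditions are checked before usage;
# an ongoing check models continuity; a pre-update models mutability.
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    obligations_done: set = field(default_factory=set)  # fulfilled obligations


@dataclass
class Obj:
    name: str
    attrs: dict = field(default_factory=dict)  # mutable attributes, e.g. prints_left


def pre_authorize(subj: Subject, obj: Obj, right: str) -> bool:
    # Authorization: predicate over subject/object attributes (assumed attribute).
    return right == "print" and obj.attrs.get("prints_left", 0) > 0


def pre_obligation(subj: Subject) -> bool:
    # Obligation: the subject must have accepted the licence before printing (assumed).
    return "accepted_licence" in subj.obligations_done


def condition(env: dict) -> bool:
    # Condition: system/environment state, here a licensed region (assumed).
    return env.get("region") == "licensed"


def ongoing_authorize(env: dict) -> bool:
    # Continuity: re-evaluated during usage; revoke if the device goes offline (assumed).
    return env.get("online", True)


def try_use(subj: Subject, obj: Obj, right: str, env: dict, steps: list) -> str:
    """Run one usage session; returns 'denied', 'revoked' or 'completed'."""
    if not (pre_authorize(subj, obj, right) and pre_obligation(subj) and condition(env)):
        return "denied"
    # Mutability (pre-update): consume the single allowed print before usage starts,
    # so a second attempt on this object is denied even if this session is revoked.
    obj.attrs["prints_left"] -= 1
    for env_state in steps:  # environment snapshots observed while the usage runs
        if not ongoing_authorize(env_state):
            return "revoked"
    return "completed"
```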