In this paper, we introduce the family of UCONABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage control is a generalization of access control to cover authorizations, obligations, conditions, continuity (ongoing controls), and mutability. Traditionally, access control has dealt only with authorization decisions on users' access to target resources. Obligations are requirements that have to be fulfilled by obligation subjects for allowing access. Conditions are subject and object independent environmental or system requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Although they have been discussed occasionally in recent literature, most authors have been motivated from specific target problems and thereby limited in their approaches. The UCONABC model integrates these diverse concepts in a unified framework. Traditional authorization decisions are generally made at the time of requests but hardly recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied. Unlike other studies that have targeted on specific problems or issues, the UCONABC model seeks to enrich and refine the access control discipline in its definition and scope. UCONABC covers traditional access controls such as mandatory, discretionary, and role-based access control. Digital rights management and other modern access controls are also covered.
UCONABC lays the foundation for next generation access controls that are required for today's real-world information and systems security. This paper articulates the core of this new area of UCON and develops several detailed models.