Concurrent History-based Usage Control Policies

In this paper, a new Use-based usage CONtrol (UseCON) approach that supports recording of usages with the help of a new entity, named use, is presented. Uses provide information for the latest state (requested, active, denied, completed or terminated) of every usage and facilitate the fine-grained definition and proper association of attributes to various system entities. The proposed approach provides enhanced contextual information modeling, support of complicated access modes and an alternative approach in obligations modeling. Moreover, UseCON is characterized by high expressiveness and ability to define policy rules in almost natural language.

2008

The usage control model (UCON) has been proposed to augment traditional access control models by integrating authorizations, obligations, and conditions and providing the properties of decision continuity and attribute mutability. Several recent work have applied UCON to support security requirements in different computing environments such as resource sharing in collaborative computing systems and data control in remote platforms. In this paper we identify two individual but interrelated problems of the original UCON model and recent implementations: oversimplifying the concept of usage session of the model, and the lack of comprehensive ongoing enforcement mechanism of implementations. We extend the core UCON model with continuous usage sessions thus extensively augment the expressiveness of obligations in UCON, and then propose a general, continuity-enhanced and configurable usage control enforcement engine. Finally we explain how our approach can satisfy flexible security requirements with an implemented prototype for a healthcare information system.

ACM Conference on Computer and Communications Security, 2008

Usage control is a generalization of access control that also addresses how data is used after it is released. This prob- lem is particularly challenging in distributed settings, where servers, acting as data providers, release sensitive data to clients, acting as data consumers. We present a formal model for dierent mechanisms that can enforce usage con- trol policies on the

This research was motivated by the fact that traditional IT security approaches that focus on perimeter security by protecting network edges, firewalls and application endpoints appear to be deteriorating due to the introduction of the cloud concept whose architecture is more of bundled infrastructure and shared resources. Data are widely shared and data owners are losing control over the collection of personal information, their processing and usage as well as sharing with third parties. All these are done without regard to the choices and privacy preferences of the data owner. In this research, a data governance solution using sticky policies was designed and implemented using .NET 4.5 Framework with ASP.NET web application development technology. C# supported in the framework serves as the server-side programming language. This framework also integrates with the Microsoft SQL Server version 11.00.2100 which then serves as profile data and sticky policies repository hosted locally at the development stage. A user is able to create and manage profile information by supplying core data and specifying whether or not a piece of data can be shared with a third party or not for a given usage purpose and in what format. Third party applications are required to maintain verifiable credentials in the system and are permitted to request for user’s profile information via a web service hosted in the cloud. The policy engine in the system is able to interpret user aggregated sticky policies to determine if data can be shared and how it can be shared as a mark of respect to the choices of the data owner.

International Journal of Security, Privacy and Trust Management, 2014

In an organization specifically as virtual as cloud there is need for access control systems to constrain users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access to confidential data the third party auditing and accounting is done which could stir up further data leaks. To control such data leaks and integrity, in past several security policies based on role, identity and user attributes were proposed and found ineffective since they depend on static policies which do not monitor data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to store metadata on the subject of data alteration which is universally called as the Provenance Information. This paper presents a provenance-policy based access control model which is designed and integrated with the system that not only makes data auditable but also incorporates accountability for data alteration events.

Modern collaborative systems such as the Grid computing paradigm are capable of providing resource sharing between users and platforms. These collaborations need to be done in a transparent way among the participants of a virtual organization (VO). A VO may consist of hundreds of users and heterogeneous resources. In order to have a successful collaboration, a list of vital importance requirements should be fulfilled, viz. collaboration among domains, to ensure a secure environment during a collaboration, the ability to enforce usage constraints upon resources, and to manage the security policies in an easy and efficient way. In this article, we propose an enhanced role based access control model entitled domRBAC for collaborative applications, which is based on the ANSI INCITS 359-2004 access control model. The domRBAC is capable of differentiating the security policies that need to be enforced in each domain and to support collaboration under secure inter-operation. Cardinality constraints along with context information are incorporated to provide the ability of applying simple usage management of resources for the first time in a role-based access control model. Furthermore, secure inter-operation is assured among collaborating domains during role assignment automatically and in real-time. Yet, domRBAC, as an RBAC approach, intrinsically inherits all of its virtues such as ease of management, and separation of duty relationships with the latter also being supported in multiple domains. As a proof of concept, we implement a simulator based on the definitions of our proposed access control model and conduct experimental studies to demonstrate the feasibility and performance of our approach.

International Journal of Information Security and Privacy, 2000

Most access control models have formal access control rules to govern the authorization of a request from a principal. In pervasive and collaborative environments, the behaviors of a principal are uncertain due to partial information. Moreover, the attributes of a principal, requested objects, and contexts of a request are mutable during the collaboration. A variety of such uncertainty and mutability pose challenges when resources sharing must happen in the collaborative environment. In order to address the above challenges, we propose a framework to integrate trust management into a usage control model in order to support decision making in an ever-changing collaborative environment. First, a trust value of a principal is evaluated based on both observed behaviors and peer recommendations. Second, the usage-based access control rules are checked to make decisions on resource exchanges. Our framework handles uncertainty and mutability by dynamically disenrolling untrusted principals and revoking granted on-going access if access control rules are no longer met. We have applied our trust-based usage control framework to an application of file sharing.

Journal of Systems Architecture, 2011

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practitioners and policy makers have specified a large variety of access control policies to address real-world security issues, only a relatively small subset of these policies can be enforced through off-the-shelf technology, and even a smaller subset can be enforced by any one mechanism. In this paper, we propose an access control framework, referred to as the Policy Machine (PM) that fundamentally changes the way policy is expressed and enforced. Employing PM helps in building high assurance enforcement mechanisms in three respects. First, only a relatively small piece of the overall access control mechanism needs to be included in the host system (e.g., an operating system or application). This significantly reduces the amount of code that needs to be trusted. Second, it is possible to enforce the precise policies of resource owners, without compromise on enforcement or resorting to less effective administrative procedures. Third, the PM is capable of generically imposing confinement constraints that can be used to prevent leakage of information to unauthorized principals within the context of a variety of policies to include the commonly implemented Discretionary Access Control and Role-Based Access Control models.

1999

We propose here a mechanism for history-dependent access control for a distributed object-oriented system, implemented using reflection. In a history-dependent access control system, access is decided based not only on the current request, but also on the previous history of accesses to some entity or service. We consider timing constraints expressed using temporal logic, and we describe a possible implementation for our mechanism. The expected benefits from the reflective approach are: more stability of the security layer (i.e., with a more limited number of hidden bugs), better software modularity, more reusability, and the possibility to adapt the security module with relatively few changes to other applications and other authorisation policies.

2010

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practitioners and policy makers have specified a large variety of access control policies to address real-world security issues, only a relatively small subset of these policies can be enforced through off-the-shelf technology, and even a smaller subset can be enforced by any one mechanism. In this paper, we propose an access control framework, referred to as the Policy Machine (PM) that fundamentally changes the way policy is expressed and enforced. Employing PM helps in building high assurance enforcement mechanisms in three respects. First, only a relatively small piece of the overall access control mechanism needs to be included in the host system (e.g., an operating system or application)....