Enhancing Usage Control for Performance: An Architecture for Systems of Systems

  • Conference paper
Computer Security (SECPRE 2018, CyberICPS 2018)

Abstract

The distributed and heterogeneous nature of today’s systems of systems, such as the Internet of Things (IoT), online banking systems, and contemporary emergency information systems, requires the integration of access and usage control mechanisms to manage the right of access both to the corresponding services and to the plethora of information that is generated on a daily basis. Usage Control (UCON) is such a mechanism, allowing fine-grained, policy-based management of system resources through dynamic monitoring and evaluation of object, subject, and environmental attributes. Yet, as we presented in an earlier article, a number of improvements can be introduced to the standard model regarding its resilience to active attacks and the simplification of policy writing, as well as its run-time efficiency and scalability. In this article, we present an enhanced usage control architecture that was developed to tackle the aforementioned issues. To achieve this, a dynamic role allocation system will be added to the existing architecture, together with a service grouping functionality which will be based on attribute aggregation. This is structured in accordance with a risk-based framework, which has been developed to aggregate the risk values that the individual attributes encapsulate into a unified risk value. These architectural enhancements are used to improve the resilience, scalability, and run-time efficiency of the existing model.

Acknowledgments

This work has been partially funded by the EU-funded project H2020 NeCS, GA #675320.

Author information

Correspondence to Vasileios Gkioulos, Athanasios Rizos or Christina Michailidou.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Gkioulos, V., Rizos, A., Michailidou, C., Mori, P., Saracino, A. (2019). Enhancing Usage Control for Performance: An Architecture for Systems of Systems. In: Katsikas, S., et al. Computer Security. SECPRE 2018, CyberICPS 2018. Lecture Notes in Computer Science, vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_5

  • DOI: https://doi.org/10.1007/978-3-030-12786-2_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12785-5

  • Online ISBN: 978-3-030-12786-2

  • eBook Packages: Computer Science (R0)
