Abstract
Modern information systems require temporal and privilege-consuming usage of digital objects. To meet these requirements, we present a new access control model, Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control models with times-based usage control by defining the maximum number of times that a privilege can be exercised. When the usage times of a privilege are consumed to zero or the time interval of the usage has expired, the privilege exercised on the object is automatically revoked by the system. Formal definitions of TUCON actions and rules are presented in this paper, and the implementation of TUCON is discussed.
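The revocation behaviour described in the abstract, sketched as an added example; it is not the paper's formal model or the authors' implementation. The names `Grant`, `UsageMonitor` and the reason strings are hypothetical, and time is a plain number supplied by the caller.

```python
import threading
from dataclasses import dataclass

@dataclass
class Grant:
    remaining: int      # usage times left for this privilege
    not_before: float   # start of the permitted time interval
    not_after: float    # end of the permitted time interval

class UsageMonitor:
    def __init__(self):
        self._grants = {}              # (subject, obj, right) -> Grant
        self._lock = threading.Lock()  # check and decrement must be atomic

    def grant(self, subject, obj, right, times, not_before, not_after):
        if times <= 0 or not_after <= not_before:
            raise ValueError("grant needs positive times and a non-empty interval")
        with self._lock:
            self._grants[(subject, obj, right)] = Grant(times, not_before, not_after)

    def exercise(self, subject, obj, right, now):
        """Consume one usage of the privilege; return (allowed, reason)."""
        key = (subject, obj, right)
        with self._lock:
            g = self._grants.get(key)
            if g is None:
                return False, "no-privilege"
            if now > g.not_after:
                del self._grants[key]      # interval expired: revoke
                return False, "revoked-expired"
            if now < g.not_before:
                return False, "not-yet-valid"
            g.remaining -= 1
            if g.remaining == 0:
                del self._grants[key]      # usage times consumed to zero: revoke
            return True, "ok"

    def holds(self, subject, obj, right):
        with self._lock:
            return (subject, obj, right) in self._grants

def demo():
    """Constructed scenario: alice gets 2 uses in [0, 100], bob 5 uses in [0, 10]."""
    m = UsageMonitor()
    m.grant("alice", "track1", "play", 2, 0, 100)
    m.grant("bob", "track1", "play", 5, 0, 10)
    return [m.exercise("alice", "track1", "play", 5), m.exercise("alice", "track1", "play", 6),
            m.exercise("alice", "track1", "play", 7), m.exercise("bob", "track1", "play", 11),
            m.holds("bob", "track1", "play")]
```

The lock matters in practice: without an atomic check-and-decrement, concurrent requests can exercise a privilege more times than were granted.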
Keywords
- Access Control
- Usage Control
- Times-based Usage Control
- TUCON
- Authorization
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zhao, B., Sandhu, R., Zhang, X., Qin, X. (2007). Towards a Times-Based Usage Control Model. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_17
DOI: https://doi.org/10.1007/978-3-540-73538-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73533-5
Online ISBN: 978-3-540-73538-0
eBook Packages: Computer Science, Computer Science (R0)
