A Prototype for Enforcing Usage Control Policies Based on XACML

  • Aliaksandr Lazouski
  • Fabio Martinelli
  • Paolo Mori
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7449)


The OASIS XACML standard emerged as a purely declarative language for expressing access control. Later, it was enriched with the concept of obligations, which must be carried out when access is granted or denied. In our previous work, we presented U-XACML, an extension of XACML that can express Usage Control (UCON). In this paper we propose an architecture for the enforcement of U-XACML, a model for retrieving mutable attributes, and a proof-of-concept implementation of the authorization framework based on web services.


Keywords: Usage Control; Access Control Policy; Access Control Model; Usage Session; Policy Decision Point
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aliaksandr Lazouski (1)
  • Fabio Martinelli (1)
  • Paolo Mori (1)
  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
