article

Formal model and policy specification of usage control

Authors:

Xinwen Zhang,

Francesco Parisi-Presicce,

Ravi Sandhu,

Jaehong ParkAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 8, Issue 4

Pages 351 - 387

https://doi.org/10.1145/1108906.1108908

Published: 01 November 2005 Publication History

Get Access

Abstract

The recent usage control model (UCON) is a foundation for next-generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCON_ABC core models by Park and Sandhu. Based on these core aspects, we develop a formal model and logical specification of UCON with an extension of Lamport's temporal logic of actions (TLA). The building blocks of this model include: (1) a set of sequences of system states based on the attributes of subjects, objects, and the system, (2) authorization predicates based on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates based on system attributes. A usage control policy is defined as a set of temporal logic formulas that are satisfied as the system state changes. A fixed set of scheme rules is defined to specify general UCON policies with the properties of soundness and completeness. We show the flexibility and expressive capability of this formal model by specifying the core models of UCON and some applications.

References

[1]

Bell, D. E. and LaPadula, L. J. 1975. Secure computer systems: Mathematical foundations and model. Mitre Corp. Report No.M74-244, Bedford, MA.]]

Google Scholar

[2]

Bertino, E., Bettini, C., and Samarati, P. 1994. A temporal authorization model. In Proceedings of ACM Conference on Computer and Communication Security. ACM, New York.]]

Crossref

Google Scholar

[3]

Bertino, E., Bettini, C., Ferrari, E., and Samarati, P. 1996. A temporal access control mechanism for database systems. IEEE Transactions on Knowledge and Data Engineering 8, 1 (Feb.).]]

Digital Library

Google Scholar

[4]

Bertino, E., Bettini, C., Ferrari, E., and Samarati, P. 1999. An access control model supporting periodicity constraints and temporal reasoning. ACM Transaction on Database Systems 23, 3 (Sept.).]]

Crossref

Google Scholar

[5]

Bertino, E., Catania, B., Ferrari, E., and Perlasca, P. 2001. A logical framework for reasoning about access control models. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies. ACM, New York.]]

Crossref

Google Scholar

[6]

Bettini, C., Jajodia, S., Wang, X. S., and Wijesekera, D. 2002a. Obligation monitoring in policy management. In Proceedings of the 3rd Internationl Workshop on Policies for Distributed Systems and Networks.]]

Crossref

Google Scholar

[7]

Bettini, C., Jajodia, S., Wang, X. S., and Wijesekera, D. 2002b. Provisions and obligations in policy management and security applications. In Proceedings of the 28th VLDB Conference.]]

Google Scholar

[8]

Brewer, D. and Nash, M. 1988. The chinese wall security policy. In Proceedings of the IEEE Symposium on Research in Security and Privacy.]]

Google Scholar

[9]

Chomicki, J. and Lobo, J. 2001. Monitors for history-based policies. In Proceedings of the 2nd Internationl Workshop on Policies for Distributed Systems and Networks.]]

Crossref

Google Scholar

[10]

Damianou, N., Dulay, N., Lupu, E., and Sloman, M. 2001. The ponder policy specification language. In Proceedings of the Workshop on Policies for Distributed Systems and Networks.]]

Crossref

Google Scholar

[11]

Denning, D. E. 1976. A lattice model of secure information flow. Communications of the ACM 19, 5 (May).]]

Digital Library

Google Scholar

[12]

Gal, A. and Atluri, V. 2000. An authorization model for temporal data. In Proceedings of the ACM Conference on Computer and Communication Security.]]

Crossref

Google Scholar

[13]

Hansen, M. and Sharp, R. 2003. Using interval logics for temporal analysis of security protocols. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering.]]

Crossref

Google Scholar

[14]

Jajodia, S., Samarati, P., and Subrahmanian, V. S. 1997. A logical language for expressing authorizations. In Proceedings of the IEEE Symposium On Research in Security and Privacy.]]

Crossref

Google Scholar

[15]

Jajodia, S., Samarati, P., Sapino, M. L., and Subrahmanian, V. S. 2001. Flexible support for multiple access control policies. ACM Transactions on Database Systems 26, 2 (June).]]

Digital Library

Google Scholar

[16]

Joshi, J., Bertino, E., Shafiq, B., and Ghafoor, A. 2003. Constraints: Dependencies and separation of duty constraints in gtrbac. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies.]]

Crossref

Google Scholar

[17]

Joshi, J., Bertino, E., Latif, U., and Ghafoor, A. 2005. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering 17, 1.]]

Digital Library

Google Scholar

[18]

Lamport, L. 1994. The temporal logic of actions. ACM Transactions on Programming Languages and Systems 16, 3 (May).]]

Digital Library

Google Scholar

[19]

Manna, Z. and Pnueli, A. 1991. The Temporal Logic of Reactive and Concurrent Systems Specification. Springer-Verlag, New York.]]

Crossref

Google Scholar

[20]

Park, J. and Sandhu, R. 2004. The UCONABC usage control model. ACM Transactions on Information and Systems Security 7, 1 (Feb.).]]

Digital Library

Google Scholar

[21]

Park, J., Zhang, X., and Sandhu, R. 2004. Arrtibute mutability in usage control. In Proceedings of the Proceedings of 18th Annual IFIP WG 11.3 Working Conference on Data and Applications Security.]]

Google Scholar

[22]

Sandhu, R. 1993. Lattice-based access control models. IEEE Computer 26, 11 (Nov.).]]

Digital Library

Google Scholar

[23]

Sandhu, R. and Park, J. 2003. Usage control: A vision for next generation access control. In Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security.]]

Google Scholar

[24]

Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. 1996. Role based access control models. IEEE Computer 29, 2.]]

Digital Library

Google Scholar

[25]

Siewe, F., Cau, A., and Zedan, H. 2003. Compositional framework for access control policies enforcement. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering.]]

Crossref

Google Scholar

[26]

Simon, R. T. and Zurko, M. E. 1997. Separation of duty in role-based environments. In IEEE Computer Security Foundations Workshop.]]

Crossref

Google Scholar

Cited By

View all

Basin DDebois SHildebrandt T(2024)Proactive enforcement of provisions and obligationsJournal of Computer Security10.3233/JCS-21007832:3(247-289)Online publication date: 17-Jun-2024
https://doi.org/10.3233/JCS-210078
Bellaj BOuaddah ABertin ECrespi NMezrioui A(2024)Drawing the Boundaries Between Blockchain and Blockchain-Like Systems: A Comprehensive Survey on Distributed Ledger TechnologiesProceedings of the IEEE10.1109/JPROC.2024.3386257112:3(247-299)Online publication date: Mar-2024
https://doi.org/10.1109/JPROC.2024.3386257
Mishra RYadav RNath P(2024)Access Control Models and Frameworks for the IoT Environment: Review, Challenges, and Future DirectionWireless Personal Communications: An International Journal10.1007/s11277-024-11568-4138:3(1671-1701)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s11277-024-11568-4
Show More Cited By

Index Terms

Formal model and policy specification of usage control
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

A logical specification for usage control
SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Recently presented usage control (UCON) has been considered as the next generation access control model with distinguishing properties of decision continuity and attribute mutability. Ausage control decision is determined by combining authorizations, ...
The UCON_ABC usage control model

In this paper, we introduce the family of UCON_ABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, ...
A note on the formalisation of UCON
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

Usage Control (UCON) Models, similar to Access Control Models, control and govern the users' access to resources and services that are available in the system. One of the major improvements of UCON over traditional access control models is the ...

Reviews

Reviewer: Andre C. M. Marien

This is the latest in a series of papers about user control models (UCON), which provide a basis for next-generation access control systems. Access control in current-generation systems is static. Authorization and control are based on immutable attributes. This series of papers consider dynamic access control, and contains examples of problems requiring such an approach. The first step semi-formally describes authorizations, obligations, and conditions that are the basis for access control decisions. Temporal logic supports formal reasoning about time concepts, such as "always true," "eventually true," "has always been true," and "is true since." This type of reasoning is required in a world with mutable attributes. Lamport's temporal logic of action (TLA) provides the framework for formalizing the model and policy specifications. A fixed set of schema rules is defined to specify general UCON-policies that are subsequently proven sound and complete. The paper has 12 sections, presented in a typical academic style: an introduction; a motivating example; an introduction to UCON; an introduction to TLA; the logical model; the core authorization models of core UCON; models for obligations and conditions; a rule set that is sound and complete; the flexibility an expressive power of the model; related work; and conclusions and future work. The main contribution of this paper, according to the authors, is to formalize the UCON model with a temporal logic, while previously the model was informal and conceptual. This helps to define policies precisely, and give a precise meaning to the UCON features. Sections 6 and 10 prove that this approach is promising. A first step in understanding a user control system is understanding the scope of the proposed model. In this paper, a user control system is conceived as a system with six components: subjects and their attributes, objects and their attributes, rights, authorizations, obligations, and conditions. An authorization permits or denies access. Obligations are activities that must be performed by subjects. Conditions are environmental restrictions, unrelated to subject or object attributes. The authors point at two distinctive features of UCON: the continuity of access decisions and mutability of attributes. Decisions can be pre-decisions or ongoing decisions. Attribute updates can be pre-updates, ongoing updates, and post-updates, relative to their usage. Attribute updates can be administrator controlled or system controlled. The latter are mutable, the former are immutable as far as the system is concerned. There are three different kinds of attributes: subject, object, and system attributes. System state is a specific attribute with values initial, requested, denied, accessing, revoked, and end. There are two types of actions in UCON: user control actions and obligation actions. An update action changes the system state to a new one via an attribute update. System attributes cannot be updated. Actions are considered timeless. The transition from one system state to another is a usage control action. Actions are performed by either a subject or the system. An obligation is an action that must be performed by a subject before or during an access. The usage control decision is determined by authorizations before/during the usage, and there are no/one or more updates before and no/one or more updates during this usage. There are therefore eight core authorization models. Examples are given for each model. This uniform approach for heterogeneous existing models is refreshing, and it is well worth reading the paper just to gain an understanding and appreciation of this part. The next section provides a formal specification of general UCON models, and provides a proof of completeness and soundness. In the last core section, the authors discuss the expressivity and flexibility of the model. They include examples of role-based access control (RBAC); the Chinese Wall policy; dynamic separation of duty; the mandatory access control (MAC) policy with HIGH watermark property; and hospital information systems (HIS). Again, the approach supports a generic, concise, and clear description. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

ACM Transactions on Information and System Security Volume 8, Issue 4

November 2005

108 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/1108906

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2005

Published in TISSEC Volume 8, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

200
Total Citations
View Citations
1,981
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)7

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Basin DDebois SHildebrandt T(2024)Proactive enforcement of provisions and obligationsJournal of Computer Security10.3233/JCS-21007832:3(247-289)Online publication date: 17-Jun-2024
https://doi.org/10.3233/JCS-210078
Bellaj BOuaddah ABertin ECrespi NMezrioui A(2024)Drawing the Boundaries Between Blockchain and Blockchain-Like Systems: A Comprehensive Survey on Distributed Ledger TechnologiesProceedings of the IEEE10.1109/JPROC.2024.3386257112:3(247-299)Online publication date: Mar-2024
https://doi.org/10.1109/JPROC.2024.3386257
Mishra RYadav RNath P(2024)Access Control Models and Frameworks for the IoT Environment: Review, Challenges, and Future DirectionWireless Personal Communications: An International Journal10.1007/s11277-024-11568-4138:3(1671-1701)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s11277-024-11568-4
Esterhuyse CMüller Tvan Binsbergen L(2024)JustAct: Actions Universally Justified by Partial Dynamic PoliciesFormal Techniques for Distributed Objects, Components, and Systems10.1007/978-3-031-62645-6_4(60-81)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-62645-6_4
Schöpp UXu CIbrahim AFaghih FDimitrakos TRanise SCarbone RTakabi D(2023)Specifying a Usage Control SystemProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3593843(193-200)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3593843
Ameer SBenson JSandhu R(2023)Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321629720:5(4032-4051)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3216297
Yu AKang JJiang WLin D(2023)FACT: A Flexible Access Control Technique for Very Large Scale Public IoT Services2023 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)10.1109/PerComWorkshops56833.2023.10150257(386-391)Online publication date: 13-Mar-2023
https://doi.org/10.1109/PerComWorkshops56833.2023.10150257
Tegane SSemchedine FBoudries A(2023)An extended Attribute-based access control with controlled delegation in IoTJournal of Information Security and Applications10.1016/j.jisa.2023.10347376:COnline publication date: 24-Aug-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103473
Patil DLokhande MMule N(2023)An intelligent system with fuzzy-based inference engine for secured tele-robotic surgeryHealthcare Analytics10.1016/j.health.2023.1002644(100264)Online publication date: Dec-2023
https://doi.org/10.1016/j.health.2023.100264
Arshad HPicazo-Sanchez PJohansen CSchneider G(2023)Attribute-based encryption with enforceable obligationsJournal of Cryptographic Engineering10.1007/s13389-023-00317-113:3(343-371)Online publication date: 29-Apr-2023
https://doi.org/10.1007/s13389-023-00317-1
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A logical specification for usage control

The UCON_ABC usage control model

A note on the formalisation of UCON

Reviews

Access critical reviews of Computing literature here

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A logical specification for usage control

The UCONABC usage control model

A note on the formalisation of UCON

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations

The UCON_ABC usage control model