Component Lifecycle and Concurrency Model in Usage Control (UCON) System
Access control is one of the most challenging issues
facing information security. Access control is defined as, the ability to
permit or deny access to a particular computational resource or digital
information by an unauthorized user or subject. The concept of usage
control (UCON) has been introduced as a unified approach to capture a
number of extensions for access control models and systems. In
UCON, an access decision is determined by three factors:
authorizations, obligations and conditions. Attribute mutability and
decision continuity are two distinct characteristics introduced by
UCON for the first time. An observation of UCON components
indicates that, the components are predefined and static. In this paper,
we propose a new and flexible model of usage control for the creation
and elimination of some of these components; for example new
objects, subjects, attributes and integrate these with the original
UCON model. We also propose a model for concurrent usage
scenarios in UCON.
[1] Alnemr R, Koenig S, Eymann T, Meinel C, (2010). Enabling usage
control through reputation objects: A discussion on e-commerce and the
Internet of services environments. Journal of theoretical and applied
electronic commerce research 5(2): 59-76.
[2] Lazouski A, Martinelli F, Mori P, (2010). Usage control in computer
security: A survey. Computer Science Review, 4(2): 81-99.
[3] Basin D, Harvan M, Klaedtke F, Zalinescu E, (2011). Monitoring
usage-control policiesin distributed systems. In: IEEE Eighteenth
International Symposium on Temporal Representation and Reasoning
(TIME), p. 88-95.
[4] Zhao B, Sandhu R, Zhang X, Qin X, (2007). Towards a times-based usage
control model. In: Data and Applications Security XXI, Springer Berlin
Heidelberg. p. 227-242.
[5] Maler, E, (2010). Controlling Data Usage with User-Managed Access
(UMA). In: W3C Privacy and Data Usage Control Workshop, Cambridge
[6] Sastry M, Krishnan R, (2007), A new modeling paradigm for dynamic
authorization in multi-domain systems. In: Computer Network
Security; Springer Berlin Heidelberg, p. 153-158.
[7] Katt B, Zhang X, Breu R, Hafner M, Seifert JP, (2008). A general
obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of the 13th ACM symposium on Access
control models and technologies; New York, NY, USA: ACM; 2008. p.
123-132.
[8] Basin D., Harvan M., Klaedtke F and Zălinescu E, (2012). MONPOLY:
Monitoring usage-control policies. In: Runtime Verification, Springer
Berlin Heidelberg, 360-364.
[9] Wu J, Shimamoto S, (2010). Usage control based security access scheme
for wireless sensor networks. In: 2010 IEEE International Conference
on Communications (ICC), p. 1-5.
[10] Zhang X, (2006). Formal model and analysis of usage control. Ph.D.
Thesis, George Mason University, Fairfax, VA, USA.
[11] Boyapati C., Lee R., and Rinard M, (2002). Ownership types for safe
programming: Preventing data races and deadlocks. OOPSLA.
[12] Boyland J, (2003). Checking interference with fractional permissions. In
R. Cousot, editor, Static Analysis: 10th International Symposium, volume
2694 of Lecture Notes in Computer Science, pages 55–72, Berlin,
Heidelberg, New York, Springer.
[13] Dijkstra E. W, (1971) Hierarchical ordering of sequential processes. Acta
Informatica, 1 2:115–138
[14] Dijkstra E. W, (1968) Cooperating sequential processes. In F. Genuys,
editor, Programming Languages, pages 43–112. Academic Press.
[15] Hansen P. B; 1972; Structured multiprogramming. Comm. ACM, 15(7):
574–578
[16] Hoare C. A. R, (1972) Towards a theory of parallel programming. In
Hoare and Perrot, editors, Operating Systems Techniques. Academic.
[17] O’Hearn P. W. and Pym D. J (1999) The logic of bunched implications.
Bulletin of Symbolic Logic, 5(2): 215–244.
[18] Owicki S. and Gries D, (1976). Verifying properties of parallel programs:
An axiomatic approach. Comm. ACM, 19(5): 279–285, 1976.
[19] Andrews G (1991); Concurrent programming: principles and practice.
Benjamin/Cummings
[20] Reynolds, J. C. (2005). Toward a grainless semantics for shared-variable
concurrency. In FSTTCS 2004: Foundations of Software Technology and
Theoretical Computer Science (pp. 35-48). Springer Berlin Heidelberg
[21] Gotsman A.,Yang, H, (2011). Liveness-preserving atomicity abstraction.
InAutomata, Languages and Programming (pp. 453-465). Springer Berlin
Heidelberg.
[22] Chen, J. K., Huang, Y. F., Chin, Y. H, (1997). A study of concurrent
operations on R-trees. Information Sciences, 98(1), 263-300.
[23] O’Hearn P.W, (2007). Resources, concurrency, and local reasoning.
Theoretical computer science, 375(1): 271-307.
[24] Brookes S. D, (2005). A semantics for concurrent separation logic.
Theoretical Computer Science, this Volume. Preliminary version
appeared in Proceedings of the 15th CONCUR (2004), LNCS 3170,
pp16-34.
[25] Sen K, (2008). Race directed random testing of concurrent programs. In:
ACM SIGPLAN Notices 43(6): 11-21.
[26] Lu S, Tucek J, Qin F, Zhou Y, (2006). AVIO: detecting atomicity
violations via access interleaving invariants. In: ACM SIGARCH
Computer Architecture News, p. 37-48.
[27] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2009). Application specific
usage control implementation verification. International Journal of
Network Security and Its Applications, 1(3):116-128.
[28] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2010). Concurrent Usage
Control Implementation Verification Using the SPIN Model Checke
[1] Alnemr R, Koenig S, Eymann T, Meinel C, (2010). Enabling usage
control through reputation objects: A discussion on e-commerce and the
Internet of services environments. Journal of theoretical and applied
electronic commerce research 5(2): 59-76.
[2] Lazouski A, Martinelli F, Mori P, (2010). Usage control in computer
security: A survey. Computer Science Review, 4(2): 81-99.
[3] Basin D, Harvan M, Klaedtke F, Zalinescu E, (2011). Monitoring
usage-control policiesin distributed systems. In: IEEE Eighteenth
International Symposium on Temporal Representation and Reasoning
(TIME), p. 88-95.
[4] Zhao B, Sandhu R, Zhang X, Qin X, (2007). Towards a times-based usage
control model. In: Data and Applications Security XXI, Springer Berlin
Heidelberg. p. 227-242.
[5] Maler, E, (2010). Controlling Data Usage with User-Managed Access
(UMA). In: W3C Privacy and Data Usage Control Workshop, Cambridge
[6] Sastry M, Krishnan R, (2007), A new modeling paradigm for dynamic
authorization in multi-domain systems. In: Computer Network
Security; Springer Berlin Heidelberg, p. 153-158.
[7] Katt B, Zhang X, Breu R, Hafner M, Seifert JP, (2008). A general
obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of the 13th ACM symposium on Access
control models and technologies; New York, NY, USA: ACM; 2008. p.
123-132.
[8] Basin D., Harvan M., Klaedtke F and Zălinescu E, (2012). MONPOLY:
Monitoring usage-control policies. In: Runtime Verification, Springer
Berlin Heidelberg, 360-364.
[9] Wu J, Shimamoto S, (2010). Usage control based security access scheme
for wireless sensor networks. In: 2010 IEEE International Conference
on Communications (ICC), p. 1-5.
[10] Zhang X, (2006). Formal model and analysis of usage control. Ph.D.
Thesis, George Mason University, Fairfax, VA, USA.
[11] Boyapati C., Lee R., and Rinard M, (2002). Ownership types for safe
programming: Preventing data races and deadlocks. OOPSLA.
[12] Boyland J, (2003). Checking interference with fractional permissions. In
R. Cousot, editor, Static Analysis: 10th International Symposium, volume
2694 of Lecture Notes in Computer Science, pages 55–72, Berlin,
Heidelberg, New York, Springer.
[13] Dijkstra E. W, (1971) Hierarchical ordering of sequential processes. Acta
Informatica, 1 2:115–138
[14] Dijkstra E. W, (1968) Cooperating sequential processes. In F. Genuys,
editor, Programming Languages, pages 43–112. Academic Press.
[15] Hansen P. B; 1972; Structured multiprogramming. Comm. ACM, 15(7):
574–578
[16] Hoare C. A. R, (1972) Towards a theory of parallel programming. In
Hoare and Perrot, editors, Operating Systems Techniques. Academic.
[17] O’Hearn P. W. and Pym D. J (1999) The logic of bunched implications.
Bulletin of Symbolic Logic, 5(2): 215–244.
[18] Owicki S. and Gries D, (1976). Verifying properties of parallel programs:
An axiomatic approach. Comm. ACM, 19(5): 279–285, 1976.
[19] Andrews G (1991); Concurrent programming: principles and practice.
Benjamin/Cummings
[20] Reynolds, J. C. (2005). Toward a grainless semantics for shared-variable
concurrency. In FSTTCS 2004: Foundations of Software Technology and
Theoretical Computer Science (pp. 35-48). Springer Berlin Heidelberg
[21] Gotsman A.,Yang, H, (2011). Liveness-preserving atomicity abstraction.
InAutomata, Languages and Programming (pp. 453-465). Springer Berlin
Heidelberg.
[22] Chen, J. K., Huang, Y. F., Chin, Y. H, (1997). A study of concurrent
operations on R-trees. Information Sciences, 98(1), 263-300.
[23] O’Hearn P.W, (2007). Resources, concurrency, and local reasoning.
Theoretical computer science, 375(1): 271-307.
[24] Brookes S. D, (2005). A semantics for concurrent separation logic.
Theoretical Computer Science, this Volume. Preliminary version
appeared in Proceedings of the 15th CONCUR (2004), LNCS 3170,
pp16-34.
[25] Sen K, (2008). Race directed random testing of concurrent programs. In:
ACM SIGPLAN Notices 43(6): 11-21.
[26] Lu S, Tucek J, Qin F, Zhou Y, (2006). AVIO: detecting atomicity
violations via access interleaving invariants. In: ACM SIGARCH
Computer Architecture News, p. 37-48.
[27] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2009). Application specific
usage control implementation verification. International Journal of
Network Security and Its Applications, 1(3):116-128.
[28] Rajkumar P.V, Ghosh S.K, Dasgupta P, (2010). Concurrent Usage
Control Implementation Verification Using the SPIN Model Checke
@article{"International Journal of Information, Control and Computer Sciences:68200", author = "P. Ghann and J. Shiguang and C. Zhou", title = "Component Lifecycle and Concurrency Model in Usage Control (UCON) System", abstract = "Access control is one of the most challenging issues
facing information security. Access control is defined as, the ability to
permit or deny access to a particular computational resource or digital
information by an unauthorized user or subject. The concept of usage
control (UCON) has been introduced as a unified approach to capture a
number of extensions for access control models and systems. In
UCON, an access decision is determined by three factors:
authorizations, obligations and conditions. Attribute mutability and
decision continuity are two distinct characteristics introduced by
UCON for the first time. An observation of UCON components
indicates that, the components are predefined and static. In this paper,
we propose a new and flexible model of usage control for the creation
and elimination of some of these components; for example new
objects, subjects, attributes and integrate these with the original
UCON model. We also propose a model for concurrent usage
scenarios in UCON.
", keywords = "Access Control, Concurrency, Digital container,
Usage control.", volume = "8", number = "3", pages = "531-8", }
