Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security.

Published byBlake Patterson Modified over 10 years ago

Similar presentations

Presentation on theme: "Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security."— Presentation transcript:

1 Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security Technology (LIST) George Mason University

2 © 2003 GMU LIST2 Problem Statement Traditional access control models are not adequate for todays distributed, network- connected digital environment. Authorization only – No obligation or condition based control Decision is made before access – No ongoing control No consumable rights - No mutable attributes Rights are pre-defined and granted to subjects

3 © 2003 GMU LIST3 Prior Work Problem-specific enhancement to traditional access control Digital Rights Management (DRM) mainly focus on intellectual property rights protection. Architecture and Mechanism level studies, Functional specification languages – Lack of access control model Trust Management Authorization for strangers access based on credentials

4 © 2003 GMU LIST4 Prior Work Incrementally enhanced models Provisional authorization [Kudo & Hada, 2000] EACL [Ryutov & Neuman, 2001] Task-based Access Control [Thomas & Sandhu, 1997] Ponder [Damianou et al., 2001]

5 © 2003 GMU LIST5 Problem Statement Traditional access control models are not adequate for todays distributed, network-connected digital environment. No access control models available for DRM. Recently enhanced models are not comprehensive enough to resolve various shortcomings. Need for a unified model that can encompass traditional access control models, DRM and other enhanced access control models from recent literature

6 © 2003 GMU LIST6 Usage Control (UCON) Coverage Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor Client-side reference monitor SRM & CRM

7 © 2003 GMU LIST7 OM-AM layered Approach ABC core models for UCON

8 © 2003 GMU LIST8 Building ABC Models Continuity Decision can be made during usage for continuous enforcement Mutability Attributes can be updated as side- effects of subjects actions

9 © 2003 GMU LIST9 Examples Long-distance phone (pre-authorization with post-update) Pre-paid phone card (ongoing-authorization with ongoing-update) Pay-per-view (pre-authorization with pre- updates) Click Ad within every 30 minutes (ongoing- obligation with ongoing-updates) Business Hour (pre-/ongoing-condition)

10 © 2003 GMU LIST10 ABC Model Space 0(Immutable)1(pre)2(ongoing)3(post) preAYYNY onAYYYY preBYYNY onBYYYY preCYNNN onCYNNN N : Not applicable

11 © 2003 GMU LIST11 A Family of ABC Core Models

12 © 2003 GMU LIST12 UCON preA Online content distribution service Pay-per-view (pre-update) Metered payment (post-update)

13 © 2003 GMU LIST13 UCON preA : pre-Authorizations Model UCON preA0 S, O, R, ATT(S), ATT(O) and preA (subjects, objects, rights, subject attributes, object attributes, and pre-authorizations respectively); allowed(s,o,r) preA(ATT(s),ATT(o),r) UCON preA1 preUpdate(ATT(s)),preUpdate(ATT(o)) UCON preA3 postUpdate(ATT(s)),postUpdate(ATT(o))

14 © 2003 GMU LIST14 UCON preA0 : MAC Example L is a lattice of security labels with dominance relation clearance: S L classification: O L ATT(S) = {clearance} ATT(O) = {classification} allowed(s,o,read) clearance(s) classification(o) allowed(s,o,write) clearance(s) classification(o)

15 © 2003 GMU LIST15 DAC in UCON: with ACL (UCON preA0 ) N is a set of identity names id : S N, one to one mapping ACL : O 2 N x R, n is authorized to do r to o ATT(S)= {id} ATT(O)= {ACL} allowed(s,o,r) (id(s),r) ACL(o)

16 © 2003 GMU LIST16 RBAC in UCON: RBAC 1 (UCON preA0 ) P = {(o,r)} ROLE is a partially ordered set of roles with dominance relation actRole: S 2 ROLE Prole: P 2 ROLE ATT(S) = {actRole} ATT(O) = {Prole} allowed(s,o,r) role actRole(s), role Prole(o,r), role role

17 © 2003 GMU LIST17 DRM in UCON: Pay-per-use with a pre-paid credit (UCON preA1 ) M is a set of money amount credit: S M value: O x R M ATT(s): {credit} ATT(o,r): {value} allowed(s,o,r) credit(s) value(o,r) preUpdate(credit(s)): credit(s) = credit(s) - value(o,r)

18 © 2003 GMU LIST18 UCON preA3 : DRM Example Membership-based metered payment M is a set of money amount ID is a set of membership identification numbers TIME is a current usage minute member: S ID expense: S M usageT: S TIME value: O x R M (a cost per minute of r on o) ATT(s): {member, expense, usageT} ATT(o,r): {valuePerMinute} allowed(s,o,r) member(s) postUpdate(expense(s)): expense(s) = expense(s) + (value(o,r) x usageT(s))

19 © 2003 GMU LIST19 UCON onA Pay-per-minutes (pre-paid Phone Card)

20 © 2003 GMU LIST20 UCON onA : ongoing-Authorizations Model UCON onA0 S, O, R, ATT(S), ATT(O) and onA; allowed(s,o,r) true; Stopped(s,o,r) onA(ATT(s),ATT(o),r) UCON onA1, UCON onA2, UCON onA3 preUpdate(ATT(s)),preUpdate(ATT(o)) onUpdate(ATT(s)),onUpdate(ATT(o)) postUpdate(ATT(s)),postUpdate(ATT(o)) Examples Certificate Revocation Lists revocation based on starting time, longest idle time, and total usage time

21 © 2003 GMU LIST21 UCON B Free Internet Service Provider Watch Ad window (no update) Click ad within every 30 minutes (ongoing update)

22 © 2003 GMU LIST22 UCON preB0 : pre-oBligations w/ no update S, O, R, ATT(S), and ATT(O); OBS, OBO and OB (obligation subjects, obligation objects, and obligation actions, respectively); preB and preOBL (pre-obligations predicates and pre-obligation elements, respectively); preOBL OBS x OBO x OB; preFulfilled: OBS x OBO x OB {true,false}; getPreOBL: S x O x R 2 preOBL, a function to select pre-obligations for a requested usage; preB(s,o,r) = (obs_i,obo_i,ob_i) getPreOBL(s,o,r) preFulfilled(obs i,obo i,ob i ); preB(s,o,r) = true by definition if getPreOBL(s,o,r)= ; allowed(s,o,r) preB(s,o,r). Example: License agreement for a whitepaper download

23 © 2003 GMU LIST23 UCON onB0 : ongoing-oBligations w/ no update S, O, R, ATT(S), ATT(O), OBS, OBO and OB; T, a set of time or event elements; onB and onOBL (on-obligations predicates and ongoing-obligation elements, respectively); onOBL OBS x OBO x OB x T; onFulfilled: OBS x OBO x OB x T {true,false}; getOnOBL: S x O x R 2 onOBL, a function to select ongoing- obligations for a requested usage; onB(s,o,r) = (obs_i,obo_i,ob_i, t_i) getOnOBL(s,o,r) onFulfilled(obs i,obo i,ob i,t i ); onB(s,o,r) = true by definition if getOnOBL(s,o,r)= ; allowed(s,o,r) true; Stopped(s,o,r) onB(s,o,r). Example: Free ISP with mandatory ad window

24 © 2003 GMU LIST24 UCON C Location check at the time of access request Accessible only during business hours

25 © 2003 GMU LIST25 UCON preC0 : pre-Condition model S, O, R, ATT(S), and ATT(O); preCON (a set of pre-condition elements); preConChecked: preCON {true,false}; getPreCON: S x O x R 2 preCON ; preC(s,o,r) = preCon_i getPreCON(s,o,r) preConChecked(preCon i ); allowed(s,o,r) preC(s,o,r). Example: location checks at the time of access requests

26 © 2003 GMU LIST26 UCON onC0 : ongoing-Condition model S, O, R, ATT(S), and ATT(O); onCON (a set of on-condition elements); onConChecked: onCON {true,false}; getOnCON: S x O x R 2 onCON ; onC(s,o,r) = onCon_i getOnCON(s,o,r) onConChecked(onCon i ); allowed(s,o,r) true; Stopped(s,o,r) onC(s,o,r) Example: accessible during office hour

27 © 2003 GMU LIST27 UCON ABC Free ISP Membership is required (pre-authorization) Have to click Ad periodically while connected (on-obligation, on-update) Free member: no evening connection (on-condition), no more than 50 connections (pre-update) or 100 hours usage per month (post-updates)

28 © 2003 GMU LIST28 ABC Models

29 © 2003 GMU LIST29 Beyond the ABC Core Models

30 © 2003 GMU LIST30 Conclusion Developed A family of ABC core models for Usage Control (UCON) to unify traditional access control models, DRM, and other modern enhanced models. ABC model integrates authorizations, obligations, conditions, as well as continuity and mutability properties.

31 © 2003 GMU LIST31 Future Research Enhance the model UCON administration or management Detail of update procedure in ABC model Delegation of usage rights Develop Architectures and Mechanisms Payment-based architectures CRM and SRM Architectures for multi-organizations (B2B) UCON Engineering Analysis of policy Designing/modeling rules and Attributes

32 © 2003 GMU LIST32 Publications Jaehong Park and Ravi Sandhu, The ABC Core Model for Usage Control: Integrating Authorizations, oBligations, and Conditions to appear on ACM Transactions on Information and System Security (TISSEC), 2004 Ravi Sandhu and Jaehong Park, Usage Control: A vision for Next Generation Access Control to appear on The Second International Workshop "Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), Sep. 2003. Jaehong Park and Ravi Sandhu, Towards Usage Control Models: Beyond Traditional Access Control In Proceedings of 7 th ACM Symposium on Access Control Models and Technologies, Jun. 2002 Jaehong Park and Ravi Sandhu, Originator Control in Usage Control In Proceedings of 3 rd International Workshop on Policies for Distributed Systems and Networks, pp. 60-66, IEEE, Jun. 2002 Jaehong Park, Ravi Sandhu, and James Schifalacqua, Security Architectures for Controlled Digital information Dissemination. In Proceedings of Annual Computer Security Applications Conference (ACSAC), pp. 224-233, Dec. 2000

Download ppt "Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
© Ravi Sandhu www.list.gmu.edu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.

© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Institute for Cyber Security

Institute for Cyber Security
© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Similar presentations

Ads by Google