Distributed Usage Control

AbstractWith more and more personal data being collected and stored by service providers, there is an increasing need to ensure that their usage is compliant with privacy regulations and user preferences. We consider the specific scenario where promised usage is specified as metric temporal logic policies, and these policies can be verified against the database usage logs. Given the vast amount of data being collected, scalability is very important. In this work, we show how such usage monitoring can be performed in a distributed fashion for an expressive set of policies. Experimental results are given for a real-life use case to show the genericness and scalability of the results

DTD level authorization in XML documents with usage control

[Summary]: In recent years an increasing amount of semi-structured data has become important to humans and programs. XML promoted by the World Wide Web Consortium (W3C) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet. XML documents may contain private information that cannot be shared by all user communities. So securing XML data is becoming increasingly important and several approaches have been designed to protect information in a website. However, these approaches typically are used at file system level, rather than for the data in XML documents. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. Usage control enables finer-grained control over usage of digital objects than that of traditional access control policies and models. In this paper, we present a usage control model to protect information distributed on the web, which allows the access restrictions directly at DTD-level and XML document-level. Finally, comparisons with related works are analysed

A contextual usage control model

Model praćenja uporabe (UCON) je najnovije veliko poboljšanje tradicionalnih modela za praćenje pristupa. On omogućava promjenljivost atributa subjekta i objekta i kontinuitet praćenja uporabe. Međutim, taj model može zabraniti pristup zbog promjena u okolini čak i ako su zadovoljeni zahtjevi autorizacije i obveze te tako korisnicima stvoriti prekide. Predložen je kontekstualni UCON (CUC) kako bi se prevladala ta osnovna slabost UCONa. U CUC-u se uvodi kontekst kao zamjena za komponentu uvjeta u UCON-u. Dodaje se modul upravljanja za manipuliranje atributima subjekta, objekta i konteksta. CUC izravno kombinira module praćenja i upravljanja i može dinamički prilagođavati promjene u kontekstu te je uistinu baziran na atributima. Primijenjen je algebarski pristup za opis sintakse i semantike CUCa.The usage control model (UCON) is the latest major enhancement of traditional access control models. It enables subject and object attributes mutability and usage control continuity. However, with the model access permission may be denied as a result of the environmental changes even though the authorization and obligation requirements are met, thus causing disruptions to users. Contextual UCON (CUC) was proposed to overcome this major weakness of UCON. In CUC context was introduced to replace the conditions component in UCON. And management module was added to manipulate the subject and object and context attributes. CUC seamlessly combines control and management modules and has the ability to dynamically adapt the changes in context, and is truly attribute-based. An algebra approach was employed to describe CUC syntax and semantics formally

10141 Abstracts Collection -- Distributed Usage Control

From 06.04. to 09.04.2010, the Dagstuhl Seminar 10141 ``Distributed Usage Control \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

AN OBLIGATION MODEL FOR USAGE CONTROL

ABSTRACT How to control the access and usage of digital resources is one of the most important issues in computer security nowadays. Among them, how to control the resources when they have been passed to the client-side is a research hot spot. The Usage Control Model (UCON) has been proposed to solve this problem. In this research, we focus on one core component of the UCON model, the obligation. We propose a new obligation model to solve the problems the current ones can not deal with, especially for post-obligation. We also offer two testing scenarios, propose an architecture for a prototype based on the proposed model and apply the scenarios to the prototype architecture for proof-of-concept

Usage control in SIP-based multimedia delivery

The Session Initiation Protocol (SIP) is an application layer signaling protocol for the creation, modification and termination of multimedia sessions and VoIP calls with one or more participants.SIP is widely accepted as the protocol that will dominate multimedia communications in the future and one of the reasons is that it can inherently support multidomain heterogeneous networks.While SIP operates in highly dynamic environments, in the current version its authorization support is based on traditional access control models.The main problem these models face is that they were designed many years ago, and under some circumstances tend to be inadequate in modern highly dynamic environments.Usage Control (UCON), instead, is a model that supports the same operations as traditional access control models do, but it further enhances them with novel ones.In previous work, an architecture supporting continuous authorizations on SIP, based on the UCON model, was presented.In this paper, an authorization support implementing the whole UCON model, including authorizations, obligations and conditions, has been integrated in a SIP system.Moreover, a testbed has been set up to experimentally evaluate the performance of the proposed security mechanism

Towards a Formal Model for Quantifying Trust in Distributed Usage Control Systems

Distributed usage control is a form of usage control that spans over multiple domains and computer systems. As a result, usage control components responsible for evaluating policies, gathering information, executing actions and enforcing decisions are operated in the vicinity of different stakeholders with conflicting interests. In order to prevent malicious stakeholders from manipulating these components, remote attestation can be used to verify the integrity of their code base. However, in a distributed case it is not always apparent what sequence of attestations is necessary and which verifier should conduct them. Furthermore, it is unclear what impact a failed attestation has on the trustworthiness of the whole usage control system. To solve these questions, it is necessary to identify which agents need to trust each other in order to securely execute a certain usage control function. Then the sequence of remote attestations that occur across the distributed usage control system can be examined accordingly. In this work we develop a formal model that represents the trust relationships of distributed usage control systems with multiple collaborating actors. Based on the conducted attestations we define simple binary and non-binary trust metrics that quantify the trust level a data owner can expect at a certain point in time. Finally we show how the model can be used to determine the level of trust reached in a real-world scenario