Abstract
The notion of Usage Control (UCON) has been introduced recently to extend traditional access controls by including three decision factors called authorizations, obligations, and conditions. Usage control also recognizes two important decision properties: continuity and mutability. In the access control literature, an authorization decision is commonly made by utilizing some form of subject and object attributes. Identities, security labels, and roles are some examples of attributes. Traditionally, these attributes are assigned to subjects and objects by a security officer and can be modified only by administrative actions. However, in modern information systems these attributes are often required to change as a side effect of a subject's usage of an object. This requirement for updates has been recognized and defined as the mutability property in usage control. In this paper, we discuss issues of attribute mutability and show how usage control can apply the mutability property in various traditional and modern access control policies.
© 2004 Springer Science + Business Media, Inc.
About this paper
Cite this paper
Park, J., Zhang, X., Sandhu, R. (2004). Attribute Mutability in Usage Control. In: Farkas, C., Samarati, P. (eds) Research Directions in Data and Applications Security XVIII. IFIP International Federation for Information Processing, vol 144. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8128-6_2
DOI: https://doi.org/10.1007/1-4020-8128-6_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8127-9
Online ISBN: 978-1-4020-8128-6
eBook Packages: Springer Book Archive