Usage control in computer security: A survey

Computer Science Review

Volumn 4, Issue 2, 2010, Pages 81-99

  Lazouski, Aliaksandr ^a   Martinelli, Fabio ^a   Mori, Paolo ^a  

^a Istituto di informatica e telematica del Consiglio nazionale delle ricerche   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL MODELS; COMPUTER ENVIRONMENTS; COMPUTING ENVIRONMENTS; DIGITAL RIGHTS MANAGEMENT; DISCRETIONARY ACCESS CONTROL; MANDATORY ACCESS CONTROL; MODERN COMPUTER SYSTEMS; ROLE-BASED ACCESS CONTROL;

COPYRIGHTS; DISTRIBUTED COMPUTER SYSTEMS; SECURITY SYSTEMS; SURVEYS;

ACCESS CONTROL;

EID: 77950864309     PISSN: 15740137     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cosrev.2010.02.002     Document Type: Article

References (79)

1. Park J., and Sandhu R. Towards usage control models: Beyond traditional access control. SACMAT'02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (2002), ACM, New York, NY, USA 57-64
2. J. Park, Usage control: A unified framework for next generation access control, Ph.D. Thesis, George Mason University, Fairfax, VA, USA, 2003.
3. X. Zhang, Formal model and analysis of usage control, Ph.D. Thesis, George Mason University, Fairfax, VA, USA, 2006.
4. di Vimercati S.D.C., Paraboschi S., and Samarati P. Access control: Principles and solutions. Softw. Pract. Exper. 33 5 (2003) 397-421
5. Artz D., and Gil Y. A survey of trust in computer science and the semantic web. Web Semant. 5 2 (2007) 58-71
6. H.L. Jonker, S. Mauw, J.H.S. Verschuren, A.T.S.C. Schoonen, Security aspects of DRM systems, in: 25th Symposium on Information Theory in the Benelux, 2004, pp. 169-176.
7. Liu Q., Safavi-Naini R., and Sheppard N.P. Digital rights management for content distribution. ACSW Frontiers'03: Proceedings of the Australasian Information Security Workshop (2003), Australian Computer Society, Inc., Darlinghurst, Australia, Australia 49-58
8. Sandhu R.S., and Park J. Usage control: A vision for next generation access control. MMM-ACNS. Lecture Notes in Computer Science vol. 2776 (2003), Springer 17-31
9. Krishnan R., Sandhu R., and Ranganathan K. PEI models towards scalable, usable and high-assurance information sharing. SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (2007), ACM, New York, NY, USA 145-150
10. Sandhu R., Ranganathan K., and Zhang X. Secure information sharing enabled by trusted computing and PEI models. ASIACCS'06: Proceedings of ACM Symposium on Information, Computer and Communications Security (2006), ACM, New York, NY, USA 2-12
11. Sandhu R. Engineering authority and trust in cyberspace: The OM-AM and RBAC way. In Proceedings of 5th ACM Workshop on Role-Based Access Control (2000), ACM 111-119
12. Park J., and Sandhu R. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. 7 1 (2004) 128-174
13. Alam M., Zhang X., Nauman M., Ali T., and Seifert J.-P. Model-based behavioral attestation. SACMAT'08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (2008), ACM, New York, NY, USA 175-184
14. Bertino E., Bonatti P., and Ferrari E. TrBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4 3 (2001) 191-233
15. Yao W., Moody K., and Bacon J. A model of OASIS role-based access control and its support for active security. SACMAT'01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (2001), ACM, New York, NY, USA 171-181
16. Ku W., and Chi C.-H. Survey on the technological aspects of digital rights management. Information Security (2004) 391-403
17. Park J., Zhang X., and Sandhu R.S. Attribute mutability in usage control. DBSec (2004), Kluwer 15-29
18. Shin W., and Yoo S.B. Secured web services based on extended usage control. PAKDD Workshops. Lecture Notes in Computer Science vol. 4819 (2007), Springer 656-663
19. Z. Zhang, L. Yang, Q. Pei, J. Ma, Research on usage control model with delegation characteristics based on OM-AM methodology, in: NPC'2007: Proceedings of Network and Parallel Computing Workshops, 2007, pp. 238-243.
20. Sastry M., Krishnan R., and Sandhu R. A new modeling paradigm for dynamic authorization in multi-domain systems. Communications in Computer and Information Science vol. 1 (2007), Springer, Berlin, Heidelberg 153-158
21. Luo X., Yang Y., and Hu Z. Controllable delegation model based on usage and trustworthiness. KAM'08: Proceedings of the 2008 International Symposium on Knowledge Acquisition and Modeling (2008), IEEE Computer Society, Washington, DC, USA 745-749
22. Katt B., Zhang X., Breu R., Hafner M., and Seifert J.-P. A general obligation model and continuity: Enhanced policy enforcement engine for usage control. SACMAT'08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (2008), ACM, New York, NY, USA 123-132
23. M. Hilty, D. Basin, A. Pretschner, On obligations, in: Proceedings of ESORICS 2005, 2005, pp. 98-117.
24. Pretschner A., Hilty M., and Basin D. Distributed usage control. Commun. ACM 49 9 (2006) 39-44
25. Irwin K., Yu T., and Winsborough W.H. On the modeling and analysis of obligations. CCS06: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006), ACM Press 134-143
26. Bettini C., Jajodia S., Wang X., and Wijesekera D. Obligation monitoring in policy management. POLICY'02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (2002), IEEE Computer Society, Washington, DC, USA
27. Gama P., and Ferreira P. Obligation policies: An enforcement platform. POLICY'05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (2005), IEEE Computer Society, Washington, DC, USA 203-212
28. Minsky N.H., and Lockman A.D. Ensuring integrity by adding obligations to privileges. ICSE'85: Proceedings of the 8th International Conference on Software Engineering (1985), IEEE Computer Society Press, Los Alamitos, CA, USA 92-102
29. Zhao G., Chadwick D., and Otenko S. Obligations for role based access control. AINAW'07: Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops (2007), IEEE Computer Society, Washington, DC, USA 424-431
30. Zhang X., Parisi-Presicce F., Sandhu R., and Park J. Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8 4 (2005) 351-387
31. Lamport L. The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16 3 (1994) 872-923
32. Zhang X., Park J., Parisi-Presicce F., and Sandhu R. A logical specification for usage control. SACMAT'04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (2004), ACM, New York, NY, USA 1-10
33. Zhang X., Sandhu R., and Parisi-Presicce F. Safety analysis of usage control authorization models. ASIACCS'06: Proceedings of the ACM Symposium on Information, Computer and Communications Security (2006), ACM, New York, NY, USA 243-254
34. Janicke H., Cau A., and Zedan H. A notes on the formalisation of UCON. SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (2007), ACM, New York, NY, USA 163-168
35. M. Hilty, A. Pretschner, D.A. Basin, C. Schaefer, T. Walter, A policy language for distributed usage control, in: ESORICS'07 Proceedings, 2007, pp. 531-546.
36. Pretschner A., Schütz F., Schaefer C., and Walter T. Policy evolution in distributed usage control. Electron. Notes Theor. Comput. Sci. 244 (2009) 109-123
37. Pretschner A., Hilty M., Basin D., Schaefer C., and Walter T. Mechanisms for usage control. ASIACCS'08: Proceedings of ACM symposium on Information, Computer and Communications Security (2008), ACM, New York, NY, USA 240-244
38. Pretschner A., and Walter T. Negotiation of usage control policies - Simply the best?. ARES'08: Proceedings of Third International Conference on Availability, Reliability and Security (2008), IEEE Computer Society, Washington, DC, USA 1135-1136
39. Berthold A., Alam M., Breu R., Hafner M., Pretschner A., Seifert J.-P., and Zhang X. A technical architecture for enforcing usage control requirements in service-oriented architectures. SWS'07: Proceedings of ACM Workshop on Secure Web Services (2007), ACM, New York, NY, USA 18-25
40. Pretschner A., Massacci F., and Hilty M. Usage control in service-oriented architectures. In: Lambrinoudakis C., Pernul G., and Tjoa A.M. (Eds). TrustBus. Lecture Notes in Computer Science vol. 4657 (2007), Springer 83-93
41. Hilty M., Pretschner A., Schaefer C., and Walter T. Usage control requirements in mobile and ubiquitous computing applications. ICSNC'06: Proceedings of the International Conference on Systems and Networks Communication (2006), IEEE Computer Society, Washington, DC, USA
42. Baiardi F., Martinelli F., Mori P., and Vaccarelli A. Improving grid services security with fine grain policies. OTM Workshops. Lecture Notes in Computer Science (2004), Springer 123-134
43. Martinelli F., and Mori P. A Model for Usage Control in GRID systems. Proceedings of GRID-STP (2007), IEEE Press
44. Martinelli F., Mori P., and Vaccarelli A. Towards continuous usage control on grid computational services. ICAS-ICNS'05: Proceedings of the Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services (2005), IEEE Computer Society, Washington, DC, USA
45. Massonet P., Arenas A., Martinelli F., Mori P., and Crispo B. Usage control for trust and security in next generation grids. At Your Service: Service Engineering in the Information Society Technologies Program (2008), MIT Press
46. Koshutanski H., Lazouski A., Martinelli F., and Mori P. Enhancing grid security by fine-grained behavioral control and negotiation-based authorization. Int. J. Inform. Secur. 8 4 (2009) 291-314
47. Jagadeesan R., Marrero W., Pitcher C., and Saraswat V. Timed constraint programming: A declarative approach to usage control. PPDP'05: Proceedings of the 7th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming (2005), ACM, New York, NY, USA 164-175
48. Li N., and Tripunitara M.V. Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. 9 4 (2006) 391-420
49. Li N., and Mitchell J.C. Beyond proof-of-compliance: Safety and availability analysis in trust management. Proceedings of IEEE Symposium on Security and Privacy (2003), IEEE Computer Society Press 123-139
50. B. Lampson, Protection, in: Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, Princeton University, 1971, pp. 437-443.
51. Samarati P., and di Vimercati S.D.C. Access control: Policies, models, and mechanisms. FOSAD'00: International School on Foundations of Security Analysis and Design (2001), Springer-Verlag, London, UK 137-196
52. ITU-T Recommendation X.812, security frameworks for open systems: Access control framework, in: ISO/IEC 10181-3, Int'l Telecomm. Union, Geneva, 1996.
53. Zhang X., Nakae M., Covington M.J., and Sandhu R. A usage-based authorization framework for collaborative computing systems. SACMAT'06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (2006), ACM, New York, NY, USA 180-189
54. Amril S., Toshihiro T., and Kouichi S. Usage control model and architecture for data confidentiality in a database service provider. Trans. Inform. Process. Soc. Japan 47 2 (2006) 621-626
55. C. Schaefer, Usage control reference monitor architecture, in: SECPerU 2007: Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2007, pp. 13-18.
56. Park J., and Sandhu R. Originator control in usage control. POLICY'02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (2002), IEEE Computer Society, Washington, DC, USA
57. Zhang X., Nakae M., Covington M.J., and Sandhu R. Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11 1 (2008) 1-36
58. Xu M., Jiang X., Sandhu R., and Zhang X. Towards a VMM-based usage control framework for OS kernel integrity protection. SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (2007), ACM, New York, NY, USA 71-80
59. Kyle D., and Brustoloni J.C. Uclinux: A linux security module for trusted-computing-based usage controls enforcement. STC'07: Proceedings of ACM Workshop on Scalable Trusted Computing (2007), ACM, New York, NY, USA 63-70
60. Lung L.C., Higashiyama M.S., Obelheiro R.R., and da Silva Fraga J. Adapting the UCON Usage Control Policies on CORBASec Infrastructure. AINAW'07: Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops (2007), IEEE Computer Society, Washington, DC, USA 483-488
61. Alam M., Seifert J.-P., Li Q., and Zhang X. Usage control platformization via trustworthy SELinux. ASIACCS'08: Proceedings of ACM Symposium on Information, Computer and Communications Security (2008), ACM, New York, NY, USA 245-248
62. F. Stagni, A. Arenas, B. Aziz, On usage control in data grids, to appear in the 3rd IFIP International Conference on Trust Management, TM'09, June 2009.
63. Mei Y., Dong X., Wu W., Guan S., and Xu J. UCGS: A usage control approach for grid services. CISW'07: Proceedings of International Conference on Computational Intelligence and Security Workshops (2007), IEEE Computer Society, Washington, DC, USA 486-489
64. Wang H., Zhang Y., and Cao J. Ubiquitous computing environments and its usage access control. InfoScale'06: Proceedings of the 1st International Conference on Scalable Information Systems (2006), ACM, New York, NY, USA
65. S. Lili, L. Yan, XML schema in XML documents with usage control, Int. J. Comput. Sci. Netw. Secur.
66. Hafner M., Memon M., and Alam M. Modeling and enforcing advanced access control policies in healthcare systems with sectet. Models in Software Engineering (2008), Springer, Berlin/Heidelberg 132-144
67. Hong F., and Cui Y. Administrative usage control model for secure interoperability. PDCAT'06: Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (2006), IEEE Computer Society, Washington, DC, USA 86-89
68. K. Padayachee, J.H.P. Eloff, Enhancing optimistic access controls with usage control, in: TrustBus, 2007, pp. 75-82.
69. S.K. Nair, G. Gheorghe, B. Crispo, A.S. Tanenbaum, Enforcing DRM policies across applications, in: 8th ACM DRM Workshop, DRM 2008, 2008.
70. Zhao B., Sandhu R.S., Zhang X., and Qin X. Towards a times-based usage control model. In: Barker S., and Ahn G.-J. (Eds). DBSec. Lecture Notes in Computer Science vol. 4602 (2007), Springer 227-242
71. Xie H., Zhang B., and Hu D. A role-based dynamic authorization model and its implementation in PMI. CSSE'08: Proceedings of the 2008 International Conference on Computer Science and Software Engineering (2008), IEEE Computer Society, Washington, DC, USA 661-664
72. Fang J., and Zou J. Times-based usage control model and its implication. SECTECH'08: Proceedings of the 2008 International Conference on Security Technology (2008), IEEE Computer Society, Washington, DC, USA 190-193
73. Wang F., Zhao L., Li C., Cheng Z., and Zhang Q. Usage control resource dissemination model based on fuzzy logic. FSKD'08: Proceedings of the 2008 Fifth International Conference on Fuzzy Systems and Knowledge Discovery (2008), IEEE Computer Society, Washington, DC, USA 454-458
74. H. Janicke, A. Cau, F.A. Siewe, H. Zedan, Concurrent enforcement of usage control policies, in: POLICY 2008: IEEE Workshop on Policies for Distributed Systems and Networks, 2008, pp. 111-118.
75. X. Zhang, J.-P. Seifert, R. Sandhu, Security enforcement model for distributed usage control, in: SUTC'08: IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing, 2008.
76. Wang F., and Wang F. The research and application of resource dissemination based on credibility and UCON. CIS'07: Proceedings of the 2007 International Conference on Computational Intelligence and Security (2007), IEEE Computer Society, Washington, DC, USA 584-588
77. Kim J., and Thuraisingham B. Design of secure CAMIN application system based on dependable and secure TMO and RT-UCON. ISORC'07: Proceedings of the 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (2007), IEEE Computer Society, Washington, DC, USA 146-155
78. Barka E., and Lakas A. Integrating usage control with SIP-based communications. J. Comput. Syst., Netw., Comm. 2008 3 (2008) 1-8
79. Ding Y., and Zou J. DRM Application in UCON. ASEA'08: Proceedings of the 2008 Advanced Software Engineering and Its Applications (2008), IEEE Computer Society, Washington, DC, USA 182-185