Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Slides:



Advertisements
Similar presentations
Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Advertisements

Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.
AP STUDY SESSION 2.
1
Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Objectives: Generate and describe sequences. Vocabulary:
UNITED NATIONS Shipment Details Report – January 2006.
RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment ( )
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination. Introduction to the Business.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt BlendsDigraphsShort.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
Week 2 The Object-Oriented Approach to Requirements
Break Time Remaining 10:00.
Turing Machines.
PP Test Review Sections 6-1 to 6-6
Bright Futures Guidelines Priorities and Screening Tables
EIS Bridge Tool and Staging Tables September 1, 2009 Instructor: Way Poteat Slide: 1.
Bellwork Do the following problem on a ½ sheet of paper and turn in.
Exarte Bezoek aan de Mediacampus Bachelor in de grafische en digitale media April 2014.
Name Convolutional codes Tomashevich Victor. Name- 2 - Introduction Convolutional codes map information to code bits sequentially by convolving a sequence.
Sample Service Screenshots Enterprise Cloud Service 11.3.
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
1 RA III - Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Buenos Aires, Argentina, 25 – 27 October 2006 Status of observing programmes in RA.
Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..
CONTROL VISION Set-up. Step 1 Step 2 Step 3 Step 5 Step 4.
© 2012 National Heart Foundation of Australia. Slide 2.
Adding Up In Chunks.
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt Synthetic.
Model and Relationships 6 M 1 M M M M M M M M M M M M M M M M
Subtraction: Adding UP
1 hi at no doifpi me be go we of at be do go hi if me no of pi we Inorder Traversal Inorder traversal. n Visit the left subtree. n Visit the node. n Visit.
Analyzing Genes and Genomes
1 Let’s Recapitulate. 2 Regular Languages DFAs NFAs Regular Expressions Regular Grammars.
Speak Up for Safety Dr. Susan Strauss Harassment & Bullying Consultant November 9, 2012.
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
Essential Cell Biology
Clock will move after 1 minute
Intracellular Compartments and Transport
PSSA Preparation.
Essential Cell Biology
Immunobiology: The Immune System in Health & Disease Sixth Edition
Physics for Scientists & Engineers, 3rd Edition
Energy Generation in Mitochondria and Chlorplasts
Select a time to count down from the clock above
Murach’s OS/390 and z/OS JCLChapter 16, Slide 1 © 2002, Mike Murach & Associates, Inc.
1 Decidability continued…. 2 Theorem: For a recursively enumerable language it is undecidable to determine whether is finite Proof: We will reduce the.
UCON M ODEL Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access.
1 Usage Control (UCON) or ABAC on Steroids Prof. Ravi Sandhu Executive Director and Endowed Chair February 26, 2016
Presentation transcript:

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University

2 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

3 UCON A unified framework for next generation access control A comprehensive model to represent the underlying mechanism of existing access control models and policies. Try to extend the limits of traditional access control models: –Authorization only – No obligation or condition based control –Identity based only – No attributes based support –Decision is made before access – No ongoing control –No consumable rights - No mutable attributes –Rights are pre-defined and granted to subjects

4 UCON UCON provides a general model beyond DRM and Trust management: –Digital Rights Management (DRM) Mainly focus on intellectual property rights protection with architecture and mechanism level studies Lack of access control model –Trust Management Authorization for strangers access based on credentials Lack of an abstract model for attribute-based authorization

5 OM-AM Layered Approach

6 Related Work: UCON Model UCON: –A Unified model for next generation access control, constructed by integrating obligations, conditions as well as authorizations, and by including continuity and mutability properties. Components: –Subjects and attributes –Objects and attributes –Generic rights –Decision components: Authorization Obligations Conditions

7 UCON Model Unique properties beyond traditional models: –3 phases for single usage process –Continuity of decisions: Decision check can be performed in the first 2 phases. –Mutability of attributes: Attributes updated can be performed as result of usage actions in all 3 phases.

8 Core Models According to the authorization control attribute update points, we have seven core authorization models: –preA 0 : control decision is determined before access, and there is no attribute update. –preA 1 : control decision and and attribute update before access. –preA 3 : control decision is determined before access, and attribute update after access. –onA 0 : control decision is checked and determined during usage, and there is no attribute update. –onA 1 : control decision is checked and determined during usage, and there is attribute update before access. –onA 2 : control decision is checked and determined during usage, and there is attribute update during usage. –onA 3 : control decision is checked and determined during usage, and there is attribute update after usage. Similarly, a set of core models are defined with obligations and conditions. A real UCON system may be a hybrid of them.

9 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

10 Temporal Logic of Action Basic Terms: –Variables: x, y –Values: 5, abc –Constants –A state is an assignment of values to variables Functions: nonboolean expression with variables and constants –Semantically, a function is a mapping from states to values. State Predicates: boolean expression with variables and constants –Semantically, a predicate is a mapping from states to booleans. Actions: boolean expression with variables, primed variables, and constants –Semantically, an action is a function assigning a boolean to a pair of states (s,t), where s is the old state with variables, and t is the new state with primed variables.

11 TLA Behavior: a sequence of states Semantics of an action A: Temporal operator: (always) Temporal Formula: Semantics: e.g: for action A of x=y+1, its value is where is the value of x in state s1, and is the value of y in state s0.

12 TLA Other temporal operators: –Eventually: –Next: –Until: Past temporal operators: –Has-always-been, Once, Previous, Since

13 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Expressivity and Flexibility Conclusions and Future Work

14 Logical Model of UCON: States and Attributes A state of a UCON system is a set of assignments of values to attributes: –Subject attributes: role=employee security clearance = secret credit amount = $ –Object attributes: type=file ACL={(Alice, read),(Bob, write)} –System attributes: system time platform location –A special system attribute: state(s,o,r)={initial, requesting, denied, accessing, revoked, end} To specify the status of a single access process (s,o,r) Authorization actions defined to change this state.

15 Logical Model of UCON: Predicates Predicates: boolean expression built from subject attributes, object attributes, and system attributes. –Mapping a state to True/False –Unary predicates: Alice.credit > $1000, file1.classification = secure –Binary predicates: Dominate(Alice.clearance, file1.classification) (Bob, read) file2.ACL –Ternary predicate permit(s,o,r): Specify usage control decisions True if a s is allowed to access o with r.

16 Logic Model of UCON: Actions Actions: boolean expressions built from attributes in two states. –Alice.credit=Alice.credit - $50.0 Two types of actions: –Control actions: change the state of single usage process Actions performed by the subject Actions performed by the system –Obligation actions: Actions that have to be performed before or during an access. May or may not be performed by the requesting subject and on the target object.

17 Logic Model of UCON The logical model of a UCON system is a 5-tuple: (S, P A, P C, A A, A B ), where –S is a sequence of states of the system, –P A is a finite set of authorization predicates built from the attributes of subjects and objects, –P C is a finite set of condition predicates built from the system attributes, –A A is a finite set of control actions, –A B is a finite set of obligation actions. A UCON policy is a logic formula consisting of predicates, actions, and logical and temporal operators: –Where a is an action, p is a predicate with term t 1,t 2,…t n

18 Logical Model of UCON Semantics:

19 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

20 Specification of Core Model preA 0 : Example 2: BLP model Example 3: DAC with ACL

21 Specification of Core Model preA 1 : Example 4: DRM pay-per-use application

22 Specification of Core Model preA 3 :

23 Specification of Core Model onA 0 : Example 6:

24 Specification of Core Model onA 1 : onA 2 : onA 3 :

25 Specification of Core Model Example 7: Resource-constrained access control –Limited number (10) of ongoing accessing for a single object –Object attribute: –When 11 th subject requesting new access, one ongoing accessing will be revoked. a. the earliest usage will be revoked: onA 13 Subject attribute: startTime

26 Specification of Core Model b. revocation by longest idle usage: onA 123 Subject attributes: status (with value of busy or idle), idleTime

27 Specification of Core Model c. revocation by longest total usage: onA 13 Subject attribute: usageTime

28 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

29 Obligations An obligation is an action described by ob(s, o, r, s b, o b ) –ob is the action name, –(s, o, r) is a particular usage process requiring the obligation, –s b, o b are obligation subject and object. Two types of obligations in UCON: –pre-obligations, which must have been performed before access. –ongoing-obligations, which must be performed during usage. Obligations that have to be performed after an access, since they only affect the future usage process, are considered as global obligations

30 Obligation Model Core obligation models: –preB 0 : A usage control decision is determined by obligations before an access, and there is no attribute update before, during, or after the usage. –preB 1 : A usage control decision is determined by obligations before an access, and one or more subject or object attributes are updated before the usage. –preB 3 : A usage control decision is determined by obligations before an access, and one or more subject or object attributes are updated after the usage. –onB 0 : Usage control is checked and the decision is determined by obligations during an access, and there is no attribute update before, during, or after the usage. –onB 1 : Usage control is checked and the decision is determined by obligations during an access, and one or more subject or object attributes are updated before the usage. –onB 2 : Usage control is checked and the decision is determined by obligations during an access, and one or more subject or object attributes are updated during the usage. –onB 3 : Usage control is checked and the decision is determined by obligations during an access, and one or more subject or object attributes are updated after the usage.

31 Specification of Core Model preB 1 :

32 Specification of Core Model preB 1 :

33 Specification of Core Model onB 0 :

34 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

35 Conditions Conditions are environment restrictions before or during usage. In UCON, a condition is a predicate built from system attributes, such as time and location. Two types of conditions: –pre-conditions: conditions that must be true before an access. –ongoing-conditions: conditions that must be true during the process of accessing an object. preC 0 : onC 0 :

36 Outline Introduction of UCON Temporal Logic of Action (TLA) Logic Model for UCON with TLA Specification of Authorization Core Models Specification of Obligation Core Models Specification of Condition Core Models Applications of Logical Model Conclusions and Future Work

37 Application RBAC1 model: preA 0

38 Application RBAC2: preA 1

39 Application Chinese Wall Policy: preA 1

40 Application MAC with high watermark

41 Conclusions A logical model for UCON with: –States with: subject attributes and values Object attributes and values System attribute and values –Predicates: Authorization predicates built from subject and object attributes Condition predicates built from system attributes –Actions: Attribute update actions Usage control actions Obligation actions –Temporal formulas of usage control policies First-order logic specification of the UCON models with new features of mutability and continuality

42 Future Work Formal study: –Enrich logical model, such as constraints, delegations –Expressive power and safety analysis of UCON with logical formalization Development of architecture and mechanism for UCON system –DRM technologies –Trusted computing technologies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.