Presentation is loading. Please wait.

Presentation is loading. Please wait.

UCON M ODEL 51000448 - Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access.

Published byClyde Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "UCON M ODEL 51000448 - Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access."— Presentation transcript:

1 UCON M ODEL 51000448 - Huỳnh Châu Duy

2 OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access control DRM CONCLUSION

3 UCON MODEL WHAT?WHEN? WHAT FOR? WHY?

4 TRADITIONAL ACCESS CONTROL Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role Based Access Control (RBAC) Focus in a closed system environment Not adequate for today’s distributed, network- connected digital environment. Authorization only Decision is made before access No consumable rights Rights are pre-defined and granted to subjects

5 DIGITAL RIGHT MANAGEMENT(DRM) Controlling and tracking access to and use of digital information objects at client-side. Mainly focus on intellectual property rights protection. Lack of access control model.

6 PROBLEM

7 UCON MODEL WHAT?WHEN? WHAT FOR? WHY?

8 UCON ABC MODEL COMPONENTS

9 Subjects Attributes Consumer Subjects Provider Subjects Identifiee Subjects Objects Attributes Rights

10 WHAT IS UCON ABC MODEL? OBLIGATIONS AUTHORIZATIONS CONDITIONS

11 AUTHORIZATIONS Functional predicates that have to be evaluated for usage decision. Return whether the subject(requester) is allowed to perform the requested rights on the object. Authorizations can be either pre-authorizations (preA) or ongoing-authorizations (onA).

12 OBLIGATIONS Functional predicates that verify mandatory requirements a subject has to perform before or during a usage exercise. Obligations can be either pre-obligations (preB) or ongoing-obligations (onB)

13 CONDITIONS Environmental or system-oriented decision factors. Unlike authorizations or obligations, condition variables cannot be mutable. Evaluation of conditions cannot update any subject or object attributes.

14 OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access control DRM CONCLUSION

15 CORE MODEL The 16 basic UCON ABC models 0 immutable 1 pre_update 2 ongoing_update 3 post_update preAYYNY onAYYYY preBYYNY onBYYYY preCYNNN onCYNNN

16 CORE MODEL AUTHORIZATIONS preA onA

17 CORE MODEL preA preA0 preA1 preA3 Example : - Pay-per-view (preUpdate) - Metered payment (postUpdate)

18 CORE MODEL onA onA0 onA1 onA2 onA3 Example : Pay-per-Minutes

19 CORE MODEL OBLIGATIONS preB onB

20 CORE MODEL preB preB0 preB1 preB3 Example : Free Internet Service

21 CORE MODEL onB onB0 onB1 onB2 onB3

22 CORE MODEL CONDITIONS preC onC

23 CORE MODEL Example : Healthcare Education Long-distance phone Pre-paid phone card Click Ad within every 30 minutes Business Hour

24 OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access control DRM CONCLUSION

25 COMPARISON Traditional Access Control RBAC MAC DAC UCON MODEL Authorizations Obligations Conditions

26 COMPARISON DRM pay-per-use multiple credits UCON MODEL Authorizations Obligations Conditions

27 OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access control DRM CONCLUSION

28 CONSLUSION UCON ABC leaves open the architecture and mechanisms for providing trusted attributes.

29

Download ppt "UCON M ODEL 51000448 - Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Institute for Cyber Security

Institute for Cyber Security
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security.

Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park ( Laboratory for Information Security.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Similar presentations

Ads by Google