ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Safety analysis of usage control authorization models
Full text PdfPdf (311 KB)
Source ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 2006 ACM Symposium on Information, computer and communications security table of contents
Taipei, Taiwan
SESSION: Access control and authorization table of contents
Pages: 243 - 254  
Year of Publication: 2006
ISBN:1-59593-272-0
Authors
Xinwen Zhang  George Mason University
Ravi Sandhu  George Mason University and TriCipher Inc.
Francesco Parisi-Presicce  George Mason University and Univ. di Roma La Sapienza, Italy
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 35,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1128817.1128853
What is a DOI?

ABSTRACT

The usage control (UCON) model was introduced as a unified approach to capture a number of extensions for traditional access control models. While the policy specification flexibility and expressive power of this model have been studied in previous work, as a related and fundamental problem, the safety analysis of UCON has not been explored. This paper presents two fundamental safety results for UCONA, a sub-model of UCON only considering authorizations. In UCONA, an access control decision is based on the subject and/or the object attributes, which can be changed as the side-effects of using the access right, resulting in possible changes to future access control decisions. Hence the safety question in UCONA is all the more pressing since every access can potentially enable additional permissions due to the mutability of attributes in UCON. In this paper, first we show that the safety problem is in general undecidable. Then, we show that a restricted form of UCONA with finite attribute value domains and acyclic attribute creation relation has a decidable safety property. The decidable model maintains good expressive power as shown by specifying an RBAC system with a specific user-role assignment scheme and a DRM application with consumable rights.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
D. E. Bell and L. J. Lapadula, Secure Computer Systems: Mathematical Foundations and Model. Mitre Corp. Report No.M74--244, Bedford, Mass., 1975.
 
2
M. Bishop, Theft of Information in the Take-Grant Protection Model, In Proc. of IEEE Computer Security Foundation Workshop, 1988.
3
Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976  [doi>10.1145/360051.360056]
4
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
5
Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976  [doi>10.1145/360303.360333]
6
Trent Jaeger , Jonathon E. Tidswell, Practical safety in flexible access control models, ACM Transactions on Information and System Security (TISSEC), v.4 n.2, p.158-190, May 2001  [doi>10.1145/501963.501966]
 
7
Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, Decidability of Safety in Graph-Based Models for Access Control, Proceedings of the 7th European Symposium on Research in Computer Security, p.229-243, October 14-16, 2002
8
Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990058]
9
R. J. Lipton , L. Snyder, A Linear Time Algorithm for Deciding Subject Security, Journal of the ACM (JACM), v.24 n.3, p.455-464, July 1977  [doi>10.1145/322017.322025]
10
Rajeev Motwani , Rina Panigrahy , Vijay Saraswat , Suresh Ventkatasubramanian, On the decidability of accessibility problems (extended abstract), Proceedings of the thirty-second annual ACM symposium on Theory of computing, p.306-315, May 21-23, 2000, Portland, Oregon, United States  [doi>10.1145/335305.335341]
11
Jaehong Park , Ravi Sandhu, The UCONABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004  [doi>10.1145/984334.984339]
 
12
J. Park, X. Zhang, and R. Sandhu, Attribute Mutability in Usage Control, In Proc. of the Annual IFIP WG 11.3 Working Conference on Data and Applications Security, 2004.
13
Ravinderpal Singh Sandhu, The schematic protection model: its definition and analysis for acyclic attenuating schemes, Journal of the ACM (JACM), v.35 n.2, p.404-432, April 1988  [doi>10.1145/42282.42286]
 
14
Ravi S. Sandhu, The Typed Access Matrix Model, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.122, May 04-06, 1992
 
15
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845 ]
16
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
17
Michael Sipser, Introduction to the Theory of Computation: Preliminary Edition, PWS Publishing Co., Boston, MA, 1996
 
18
Masakazu Soshi, Safety Analysis of the Dynamic-Typed Access Matrix Model, Proceedings of the 6th European Symposium on Research in Computer Security, p.106-121, October 04-06, 2000
19
Xinwen Zhang , Jaehong Park , Francesco Parisi-Presicce , Ravi Sandhu, A logical specification for usage control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990038]

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Security


Keywords:
UCON, access control, authorization, safety, usage control

Collaborative Colleagues:
Xinwen Zhang: colleagues
Ravi Sandhu: colleagues
Francesco Parisi-Presicce: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player