Recently presented usage control (UCON) has been considered as the next generation access control model with distinguishing properties of decision continuity and attribute mutability. Ausage control decision is determined by combining authorizations, obligations, and conditions, presented as UCONABC core models by Park and Sandhu. Based on these core aspects, we develop afirst-order logic specification of UCON with Lamport's temporallogic of actions (TLA). The building blocks of this model include:(1) a sequence of states expressed by attributes of subjects, objects, and the system, (2) state predicates on subject andobject attributes, (3) pre-defined authorization actions performed by the security system and subjects, (4) obligation actions, and(5) condition predicates on system attributes. For a UCON model we define a set of temporal logic formulas that hold as usage control policies. We show the flexibility and expressive capability of this logic model by specifying the new features and core models of UCON.
A Logical Specification for Usage Control / Xinwen, Zhang; Jaehong, Park; PARISI PRESICCE, Francesco; Ravi, Sandhu. - STAMPA. - (2004), pp. 1-10. (Intervento presentato al convegno SACMAT 2004 tenutosi a Yorktown Heights, New York, USA nel 2004) [10.1145/990036.990038].
A Logical Specification for Usage Control
PARISI PRESICCE, Francesco;
2004
Abstract
Recently presented usage control (UCON) has been considered as the next generation access control model with distinguishing properties of decision continuity and attribute mutability. Ausage control decision is determined by combining authorizations, obligations, and conditions, presented as UCONABC core models by Park and Sandhu. Based on these core aspects, we develop afirst-order logic specification of UCON with Lamport's temporallogic of actions (TLA). The building blocks of this model include:(1) a sequence of states expressed by attributes of subjects, objects, and the system, (2) state predicates on subject andobject attributes, (3) pre-defined authorization actions performed by the security system and subjects, (4) obligation actions, and(5) condition predicates on system attributes. For a UCON model we define a set of temporal logic formulas that hold as usage control policies. We show the flexibility and expressive capability of this logic model by specifying the new features and core models of UCON.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
