SaaS Access Control Research Based on UCON

Abstract

SaaS access control security issues become increasingly significant. How to ensure that user data's confidentiality, integrity and scalability has become the focus problems. To solve this problem, we have studied the usage control (UCON) model which can achieve dynamic access control by mutability of attributes and continuity of decisions. SaaS access control needs the duribility of obligations. However, UCON does not have this feature. In order to achieve fine-grained, and secure access control preferably, we propose a UCON post-obligation model. At the same time, we use set theory and logic predicates to define the UCON post-obligation model. On that basis, we combine different UCON models and features of SaaS, and put forward a common access control flow to achieve the user data's privacy protection.