Ulrich Schöpp, Chuangjie Xu, Amjad Ibrahim, Fathiyeh Faghih, T. Dimitrakos
{"title":"指定使用控制系统","authors":"Ulrich Schöpp, Chuangjie Xu, Amjad Ibrahim, Fathiyeh Faghih, T. Dimitrakos","doi":"10.1145/3589608.3593843","DOIUrl":null,"url":null,"abstract":"Modern system architectures require sophisticated access and usage control mechanisms. The need stems from demanding requirements for security, data sovereignty and privacy regulations, as well as the challenges presented by architectural approaches like zero trust networking. Usage control systems provide one approach to encapsulate and manage the complexities related to access and usage control. In order to trust a usage control system, it is essential to ensure that usage control policies express the intended properties and are enforced correctly. To achieve this, we need a precise specification of the intended behavior of a usage control system. For attribute-based access control, the XACML standard is a sufficient specification of the behavior of policies. Usage control models, such as UCON, extend access control with features for continuous authorization based on mutability of attribute values. This adds significant complexity to the problem of specifying the intended behavior. In this paper, we identify challenges with specifying a practical usage control system regarding continuous control, obligations, and concurrency aspects. We describe an approach to specifying the UCON+ model of Dimitrakos et al. and outline an implementation of the specification with Answer Set Programming.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Specifying a Usage Control System\",\"authors\":\"Ulrich Schöpp, Chuangjie Xu, Amjad Ibrahim, Fathiyeh Faghih, T. Dimitrakos\",\"doi\":\"10.1145/3589608.3593843\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern system architectures require sophisticated access and usage control mechanisms. The need stems from demanding requirements for security, data sovereignty and privacy regulations, as well as the challenges presented by architectural approaches like zero trust networking. Usage control systems provide one approach to encapsulate and manage the complexities related to access and usage control. In order to trust a usage control system, it is essential to ensure that usage control policies express the intended properties and are enforced correctly. To achieve this, we need a precise specification of the intended behavior of a usage control system. For attribute-based access control, the XACML standard is a sufficient specification of the behavior of policies. Usage control models, such as UCON, extend access control with features for continuous authorization based on mutability of attribute values. This adds significant complexity to the problem of specifying the intended behavior. In this paper, we identify challenges with specifying a practical usage control system regarding continuous control, obligations, and concurrency aspects. We describe an approach to specifying the UCON+ model of Dimitrakos et al. and outline an implementation of the specification with Answer Set Programming.\",\"PeriodicalId\":124020,\"journal\":{\"name\":\"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3589608.3593843\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3589608.3593843","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Modern system architectures require sophisticated access and usage control mechanisms. The need stems from demanding requirements for security, data sovereignty and privacy regulations, as well as the challenges presented by architectural approaches like zero trust networking. Usage control systems provide one approach to encapsulate and manage the complexities related to access and usage control. In order to trust a usage control system, it is essential to ensure that usage control policies express the intended properties and are enforced correctly. To achieve this, we need a precise specification of the intended behavior of a usage control system. For attribute-based access control, the XACML standard is a sufficient specification of the behavior of policies. Usage control models, such as UCON, extend access control with features for continuous authorization based on mutability of attribute values. This adds significant complexity to the problem of specifying the intended behavior. In this paper, we identify challenges with specifying a practical usage control system regarding continuous control, obligations, and concurrency aspects. We describe an approach to specifying the UCON+ model of Dimitrakos et al. and outline an implementation of the specification with Answer Set Programming.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
