
Towards A Times-based Usage Control Model


Presentation Transcript


  1. Towards A Times-based Usage Control Model
     Baoxian Zhao (1), Ravi Sandhu (2), Xinwen Zhang (3), and Xiaolin Qin (4)
     (1) George Mason University, Fairfax, VA, USA
     (2) Institute for Cyber-Security Research at the University of Texas, San Antonio, USA
     (3) Samsung Information Systems America, San Jose, CA, USA
     (4) Nanjing University of Aeronautics and Astronautics, Nanjing, China
     Presented by Baoxian Zhao

  2. Outline
     • Reviewing access control models
     • Traditional access control models
     • Temporal access control models
     • Construction of the TUCON model
     • Preliminaries of the TUCON model
     • Times-based authorizations
     • Authorization rules
     • The implementation of access control
     • Conclusion and Future work

  3. Reviewing existing access control models
     • Traditional access control models
       > Discretionary Access Control (DAC)
       > Mandatory Access Control (MAC)
       > Role-based Access Control (RBAC)
     • Temporal access control models
       > The temporal authorization models suggested by E. Bertino et al. 94, 96, 98
         • Only applied to the DAC model
       > Temporal Data Authorization Model (TDAM), A. Gal et al. 02
         • Adding transaction time and valid time
       > TRBAC 01, GTRBAC 05
         >> Adding temporal constraints to the RBAC model

  4. Limitations of existing access control models
     • Primarily consider authorization decisions constrained by certain time periods
     • Authorizations are static authorization decisions
       > Authorizations are made at the requested time and hardly recognize ongoing controls for times-constrained access or for immediate revocation
       > Once an authorization decision is made, the object can be accessed without limitation during a valid period!

  5. Requirements of new access control
     • Usage of a digital object can not only be time-independent, like read and write
     • But also temporal and times-consuming, such as payment-based online reading, or a downloadable music file that can only be played 10 times within a valid period.
     • It means that authorization can be updated during ongoing usage

  6. The principle of the TUCON model
     • Keeping the time periods
     • Authorizations are still constrained by the time periods
     • Introducing usage times
     • Times are consumed, to meet the requirement that the usage of digital objects can be consumed and limited
     • Times are decreased by 1, to update the authorization during a single access process
     • New features of the TUCON model
     • Authorizations can be updated during ongoing usage.
     • Authorizations can be consumed
     • Effectively protects systems against DoS attacks, such as Nimda and Code Red.

  7. Difference From UCON
     • The UCON model uses ABC (Authorization, oBligation, Condition) core models to solve these problems
     • In the TUCON model, we consider temporal and consumed factors as attributes of authorizations rather than attributes of subjects or objects
     • Supports delegation
     • TUCON is simple to implement.

  8. Preliminaries of TUCON
     Definition 1 (Periodic expression) [Bertino et al. 98] A periodic expression is defined as , where , and are calendars,for ,and . Here let D represent the set of all valid periods.
     Example: From 9:00 AM to 12:00 PM during workdays
     Definition 2 (Times) Times are a set of natural numbers, formally defined as

  9. Times-based Authorizations
     • Definition 3 (Times Authorization) A times authorization is a 6-tuple (pt, s, o, priv, pn, g), where ,
       Example: Mary grants Bob 5 times of read privilege on the book of Sun
       (5, Bob, Sun, read, +, Mary)
     • Definition 4 (Non-Times Authorization) When pt = -1 in a times authorization tuple, we call it a non-times authorization.

  10. Times-based Authorizations (cont)
     • Definition 5 (Times-based Authorization) A times-based authorization is a 3-tuple (time, period, auth) where time represents a time interval , period is a periodic expression, and auth is a 6-tuple authorization. ( )
       Example: Between Jan. 12, 2001 and Dec. 24, 2005, Tom has 6 times of privilege read on object file, but he can exercise this privilege only on Tuesday each week.
       ([1/12/2001, 12/24/2005], Weeks+2.days, (6, Tom, file, read, +, Sam))

  11. Authorization rules
     • Definition 6 (Grant Rule) A grant rule is defined as the form of: Li can be a trigger condition expression.
       Example 1: In an application system Business_system, if a registered user Bob pre-pays $1000, he can enjoy a certain super-value service m 6 times, on Fridays, from 09/12/2006 onward. Let this privilege be super.
       access([09/12/2006, +∞], Weeks+5.days, (6, Bob, m, super, +, Business_system))  prepay(Bob, 1000) & register(Bob)

  12. Authorization rules (cont)
     • Definition 7 (Derived Rule) A derived rule is defined as the form of: Li can be access with conditional expressions
     • Example 2: Now Bob wants to transfer 3 of his times for enjoying the service m to another user, Alice.
       deraccess([09/12/2006, +∞], Weeks+5.days, (3, Alice, m, super, +, Business_system))  access([09/12/2006, +∞], Weeks+5.days, (6, Bob, m, super, +, Business_system)) & give(3, Alice, m, super, Bob) & less(3, 6)
       deraccess([09/12/2006, +∞], Weeks+5.days, (3, Bob, m, super, +, Business_system))  access([09/12/2006, +∞], Weeks+5.days, (6, Bob, m, super, +, Business_system)) & give(3, Alice, m, super, Bob) & less(3, 6)

  13. Authorization rules (cont)
     • Definition 8 (Resolution Rule) A resolution rule is defined as the form of: Li can be access or deraccess or condition expressions specified by security policy
       Example 3: In Example 2, suppose Alice already has 4 times of the super right on service m.
       force_access([09/12/2006, +∞], Weeks+5.days, (7, Alice, m, super, +, Business_system))  access([09/12/2006, +∞], Weeks+5.days, (4, Alice, m, super, +, Business_system)) & deraccess([09/12/2006, +∞], Weeks+5.days, (3, Alice, m, super, +, Business_system))

  14. Completeness of rules
     • THEOREM 1 (Completeness) The policy in TUCON can be specified by a non-empty set of TUCON rules.
       Proof:
       1. No conflicting decisions
       2. Specifying all possible decisions

  15. The Implementation of Access control
     • Grant privileges
     • Access objects
     • Revoke privileges

  16. Grant privileges
     • Times-based authorization
       > here, pt > 0 and pn = +
     • Unlimited authorization
       > pt = -1 and pn = +
     How about Times-based authorization & Unlimited authorization?

  17. Access objects
     • Times-based Authorization Base (TAB)
       > A set of authorizations in which there are no conflicting authorizations.
     • Valid Access Function
       > A function that checks every access request against the current TAB to determine whether the access is authorized.

  18. Revoke privileges
     • Time intervals
       > The time interval has expired!
     • Usage Times
       > pt = 0
     • Other factors
       > Abusing privileges
       > Breaking security policies
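
The grant, access and revoke steps of slides 15 to 18, together with the transfer of Examples 2 and 3, as an added Python example (not code from the presentation). The class and function names, the reduction of a periodic expression Weeks+k.days to ISO weekday k, and the reading of 09/12/2006 as 12 September 2006 are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime

@dataclass
class TimesBasedAuth:
    start: datetime   # time interval [start, end]; datetime.max stands in for +infinity
    end: datetime
    weekday: int      # assumption: period Weeks+k.days reduced to ISO weekday k
    pt: int           # usage times left; -1 marks a non-times authorization
    s: str
    o: str
    priv: str
    pn: str = "+"
    g: str = ""

def _find(tab, s, o, priv):
    return next((a for a in tab if (a.s, a.o, a.priv) == (s, o, priv)), None)

def valid_access(tab, s, o, priv, now):
    """Check a request against the TAB; consume one usage time when it is allowed."""
    a = _find(tab, s, o, priv)
    if a is None or a.pn != "+" or a.pt == 0:
        return False
    if not (a.start <= now <= a.end) or now.isoweekday() != a.weekday:
        return False
    if a.pt > 0:      # pt = -1 is unlimited and is never decremented
        a.pt -= 1
    return True

def give(tab, n, giver, receiver, o, priv):
    """Derived rule then resolution rule: move n times and merge with the receiver's own."""
    src = _find(tab, giver, o, priv)
    if src is None or not (0 < n < src.pt):   # less(n, pt), as in Example 2
        return False
    src.pt -= n
    dst = _find(tab, receiver, o, priv)
    if dst is None:
        tab.append(replace(src, s=receiver, pt=n))
    elif dst.pt >= 0:  # assumption: an unlimited receiver stays unlimited
        dst.pt += n
    return True

def revoke(tab, now):
    """Drop authorizations whose usage times reached 0 or whose interval expired."""
    tab[:] = [a for a in tab if a.pt != 0 and now <= a.end]

def demo_tab():
    start = datetime(2006, 9, 12)  # constructed sample: 09/12/2006 read as 12 Sep 2006
    mk = lambda pt, s: TimesBasedAuth(start, datetime.max, 5, pt, s, "m", "super", "+", "Business_system")
    return [mk(6, "Bob"), mk(4, "Alice")]
```

The merge in `give` assumes both authorizations share the same time interval and period, as they do in Example 3.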

  19. Conclusion and Future Work
     • Wide applications, especially in times-metered systems
     • Viewed as a solution to some specific problems of mutable attributes in modern access control
     • Extend the model by considering different intervals and different periods.
     • Develop the administration of authorization in UCON
     Using temporal logic to express?

  20. Any questions? Thank you!
