
UCON Model

UCON Model. 51000448 - Huỳnh Châu Duy. OUTLINE. UCON MODEL. Traditional access control. Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role Based Access Control (RBAC) Focus on a closed system environment


Presentation Transcript


  1. UCON Model 51000448 - Huỳnh Châu Duy

  2. OUTLINE

  3. UCON MODEL

  4. Traditional access control
     • Mandatory Access Control (MAC)
     • Discretionary Access Control (DAC)
     • Role Based Access Control (RBAC)
     • Focus on a closed system environment
     • Not adequate for today’s distributed, network-connected digital environment.
     • Authorization only
     • Decision is made before access
     • No consumable rights
     • Rights are pre-defined and granted to subjects

  5. DIGITAL RIGHTS MANAGEMENT (DRM)
     • Controlling and tracking access to and use of digital information objects at client-side.
     • Mainly focuses on intellectual property rights protection.
     • Lacks an access control model.

  6. PROBLEM

  7. UCON MODEL

  8. UCONABC MODEL COMPONENTS

  9. UCONABC MODEL COMPONENTS
     • Subjects
     • Attributes
     • Consumer Subjects
     • Provider Subjects
     • Identifiee Subjects
     • Objects
     • Attributes
     • Rights

  10. WHAT IS UCONABC MODEL?

  11. AUTHORIZATIONS
     • Functional predicates that have to be evaluated for usage decision.
     • Return whether the subject (requester) is allowed to perform the requested rights on the object.
     • Authorizations can be either pre-authorizations (preA) or ongoing-authorizations (onA).

  12. OBLIGATIONS
     • Functional predicates that verify mandatory requirements a subject has to perform before or during a usage exercise.
     • Obligations can be either pre-obligations (preB) or ongoing-obligations (onB).

  13. CONDITIONS
     • Environmental or system-oriented decision factors.
     • Unlike authorizations or obligations, condition variables cannot be mutable.
     • Evaluation of conditions cannot update any subject or object attributes.

  14. OUTLINE

  15. CORE MODEL The 16 basic UCONABC models

  16. CORE MODEL

  17. CORE MODEL
     Example:
     • Pay-per-view (preUpdate)
     • Metered payment (postUpdate)

  18. CORE MODEL Example: Pay-per-Minutes

  19. CORE MODEL

  20. CORE MODEL Example: Free Internet Service

  21. CORE MODEL

  22. CORE MODEL

  23. CORE MODEL
     Example:
     • Healthcare
     • Education
     • Long-distance phone
     • Pre-paid phone card
     • Click Ad within every 30 minutes
     • Business Hour

  24. OUTLINE

  25. COMPARISON

  26. COMPARISON

  27. OUTLINE

  28. CONCLUSION
     • UCONABC leaves open the architecture and mechanisms for providing trusted attributes.
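
The following Python example is added here and is not part of the original slides. It combines a pre-authorization (slide 11), a pre-obligation (slide 12) and a condition (slide 13) into one usage decision, then applies the pay-per-view preUpdate and the metered-payment postUpdate named on slide 17. The attribute names (`credit`, `price`, `rate`, `accepted_license`) and the 09:00-17:00 business-hour window are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Subject:
    credit: float                    # mutable subject attribute (assumed name)
    accepted_license: bool = False   # records that the pre-obligation was fulfilled

@dataclass
class Obj:
    price: float                     # object attribute: cost of one view (assumed)
    rate: float = 0.0                # object attribute: cost per minute (assumed)

def pre_a(s: Subject, o: Obj, right: str) -> bool:
    """preA: predicate over subject/object attributes and the requested right."""
    return right == "view" and s.credit >= o.price

def pre_b(s: Subject) -> bool:
    """preB: the mandatory action must have been performed before usage."""
    return s.accepted_license

def pre_c(env: dict) -> bool:
    """Condition: environmental factor only; it reads env and updates nothing."""
    return 9 <= env["hour"] < 17     # assumed business-hour window

def pay_per_view(s: Subject, o: Obj, right: str, env: dict) -> bool:
    """Decide before access; on allow, charge up front (preUpdate)."""
    if not (pre_a(s, o, right) and pre_b(s) and pre_c(env)):
        return False                 # denied: no attribute is touched
    s.credit -= o.price              # preUpdate of a mutable subject attribute
    return True

def metered_start(s: Subject, right: str, env: dict) -> bool:
    """Metered payment: the decision is still made before access begins."""
    return right == "view" and s.credit > 0 and pre_b(s) and pre_c(env)

def metered_end(s: Subject, o: Obj, minutes: float) -> None:
    """Charge for actual usage once the access has ended (postUpdate)."""
    s.credit -= o.rate * minutes

if __name__ == "__main__":
    alice = Subject(credit=5.0, accepted_license=True)   # constructed sample data
    film = Obj(price=3.0, rate=0.5)
    print(pay_per_view(alice, film, "view", {"hour": 10}), alice.credit)
    print(pay_per_view(alice, film, "view", {"hour": 10}), alice.credit)
    if metered_start(alice, "view", {"hour": 10}):
        metered_end(alice, film, minutes=4)
    print(alice.credit)
```

The second pay-per-view request is denied because the preUpdate from the first one lowered `credit` below `price`, which is the consumable-rights behaviour that slide 4 says traditional access control lacks.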
