Research on Usage Control Model in Dynamic Openly Systems
|School||Nanjing University of Aeronautics and Astronautics|
|Course||Applied Computer Technology|
|Keywords||Information Security Access Control Usage Control (UCON) Security Policy SecurityModel Role-based Access Control(RBAC)|
Traditional access control model are all based on closed computing environment, the check ofsecurity policy is verified before access process, and then do not be verified again during accessprocess. But in dynamic openly systems, it has property about entity attribute mutability, accesscontrol continuity and entity decentralization. Traditional access control models cannot capture theaspects of usage decisions in the modern information systems. The concept of usage control has beenintroduced for the new demands, it is control the usage of data otherwise the access of data. The mostimportant research achievement is Usage CONtrol model (UCON). UCON model is recentlyproposed to be the next generation access control model. Two distinguishing features of UCONbeyond traditional access control models are the continuity of access decision and the mutability ofsubject and object attributes. Our works are based on UCON model and try to extend the definitionand architecture to make it more useful in the dynamic openly network systems. We surveys theliterature and research on usage control model, present all the definitions of24sub-models, analysisthe definition, architecture and enforcement of UCON model, present the formalization of it andsummaries the application of UCON model. Then, future research directions are discussed.In order to resolve the extraordinary complexity of safety in the Usage Control models(UCON),first we gave the formal specifications of Usage Control (UCON) model. But just a single usageprocess is described in form of a state diagram in early formalization. It made it difficult to reasonabout the interactions of several concurrent usage requests. We define the syntax and semantic of theextended CTL. Then, we present an alternative formalization of UCON using as the underlyingformalism. Based on the work of safety analysis of UCONpreAmodels, we’ve finish safety analysis ofongoing-authorization UCON models(UCONonA). Finally, we analyze the information flow in aUCON system and present some theory and rules.Now the new internet like as Internet of Things and Grid system has the characters of openly,distributed and dynamic and need distributed usage control on data resource. This paper introduces aformal distributed usage control model(DUCON) of dynamic openly networks. Give the formalspecification of the security polices in DUCON using the extended CTL. Introduce an architectureand implementation. And last we show the flexibility and expressive capability of DUCON.Decentralized control and dynamic collaborations comprise two key characteristics of newgeneration network systems. Usage Control(UCON) model has the advantage of automatic authorization. Nevertheless, UCON lacks administrative models and low efficiency makes it morecomplex when applied to large systems. So far RBAC are gaining the most popularity for providingsecurity and services in network systems, but it still has the limitations of centralized control andstatic authorization. We propose the Role Based Usage Control(RBUC) model to deal with thisproblem. Present the architecture and definition of RBUC model. Finally, we introduce the formalspecification of single usage process.Another atuomoatic configuration method of RBAC is role mining. But most of the existing rolemining techniques do not consider the existing RBAC configuration and try to define everything fromscratch. And the definitions of similarity in the literature are all not satisfied the commutative law. Inthis paper we formally define a hybrid role mining methods. We present similarity of role sets forminimal perturbation that satisfied the commutative law and the calculate similarity algorithm. Finally,the hybrid role mining algorithm with minimal perturbation is presented. Analyze the algorithmcomputational complexity and evaluate the effectiveness of the algorithm, the evaluation demonstratesthe correctness and effectiveness of our approach.