Usage Control Model Specification in XACML Policy Language - XACML Policy Engine of UCON

Authors: Um-e-Ghazia, Rahat Masood, Muhammad Awais Shibli and Muhammad Bilal

The usage control model (UCON) is one of the emerging and comprehensive attribute-based access control models; its ability to monitor continuous updates in a system makes it better than the other models of access control. UCON is suitable for the distributed environment of grid and cloud computing platforms; however, a proper formulation of this model in any policy specification standard does not exist in the literature. It is for this reason that UCON is not widely adopted as an access…

UconXACML: an implementation of UCON in XACML

The goal of this project is to extend XACML, a standardised access control policy language, with features introduced by UCON, by providing a mapping of UCON features that meets this requirement and presenting a software implementation of an extended XACML architecture capable of evaluating and enforcing XACML policies using the proposed UCON extensions.

Modelling Fine-Grained Access Control Policies in Grids

  • B. Aziz
  • Computer Science
    Journal of Grid Computing
  • 2015
An abstract specification of an enforcement mechanism of usage control for Grids is presented, and it is formally verified that such a mechanism enforces UCON policies, based on KAOS, a goal-oriented requirements engineering methodology with a formal LTL-based language and semantics.

Cloud authorization: exploring techniques and approach towards effective access control framework

It is concluded that meticulous research is needed to incorporate the identified authorization features into a generic ACaaS framework, which should be adequate for providing a high level of extensibility and security by integrating multiple access control models.

Position paper: Towards End-to-end Privacy for Publish/Subscribe Architectures in the Internet of Things

This paper suggests an architecture to enforce end-to-end data usage control in Distributed Event-Based Systems (DEBS), from data producers to consumer services, taking into account some of the GDPR requirements concerning consent management and data processing transparency.

The Need for Machine-Processable Agreements in Health Data Management

This paper develops an application for sharing patient genomic information and test results, and uses interactions with patients and clinicians in order to identify the particular peculiarities a privacy/policy/consent language should offer in this complicated domain.

Towards a Full Support of Obligations in XACML

Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy.

Security and Privacy Policy Languages: A Survey, Categorization and Gap Identification

This work gives an overview of 27 security and privacy policy languages and presents a categorization framework for policy languages, showing how the current policy languages are represented in the framework and summarizing the interpretation.

Integrity Levels: A New Paradigm for Protecting Computing Systems

  • C. Jenkins, L. Pierson
  • Computer Science
    2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications
  • 2014
This work proposes an innovative approach to designing computer systems that allows the behavior or functionality of the computer system to change based on the integrity of the system, and argues that this paradigm can determine the "integrity level" of the system.

EACF: extensible access control framework for cloud environments

An Extensible Access Control Framework (EACF) for cloud-based applications is presented, which provides high-level extensibility by incorporating different access control models according to the needs of the Cloud service consumers (organizations).

A general obligation model and continuity: enhanced policy enforcement engine for usage control

The core UCON model is extended with continuous usage sessions, thus extensively augmenting the expressiveness of obligations in UCON, and a general, continuity-enhanced and configurable usage control enforcement engine is proposed.

An extended RBAC profile of XACML

This work analyzes the RBAC profile of XACML, showing its limitations in responding to all the requirements for access control, and suggests adding some functionalities within an extended RBAC Profile of XACML to respond to more advanced access control requirements.

The UCONABC usage control model

This paper introduces the family of UCONABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C), and addresses the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work.

A logical specification for usage control

This work develops a first-order logic specification of UCON with Lamport's temporal logic of actions (TLA) and shows the flexibility and expressive capability of this logic model by specifying the new features and core models of UCON.

Secure Interoperation in Multidomain Environments Employing UCON Policies

This paper proposes an attribute mapping technique to establish a secure context in multidomain environments, studies how conflicts arise, and shows that the technique efficiently resolves the security violations of cyclic inheritance and separation of duty.

Towards usage control models: beyond traditional access control

The concept of Usage Control (UCON) is developed that encompasses traditional access control, trust management, and digital rights management and goes beyond them in its definition and scope and offers a promising approach for the next generation of access control.

Usage control in computer security: A survey

On the Definition of Access Control Requirements for Grid and Cloud Computing Systems

A four-layer conceptual categorization of access control requirements is proposed, and an example is given to demonstrate the use of the proposed categorization in a grid scenario for defining access control requirements.

Toward a Usage-Based Security Framework for Collaborative Computing Systems

This article proposes a usage control (UCON) based security framework for collaborative applications, by following a layered approach with policy, enforcement, and implementation models, called the PEI framework.

On Usage Control of Multimedia Content in and through Cloud Computing Paradigm

A robust architecture providing fine-grained control over the usage of protected objects through the emerging cloud computing paradigm is proposed, the design principles for this realization are presented, and a prototype implementation of the proposed architecture is discussed.