Information Technology Reference
In-Depth Information
modern applications and systems. Coming from multiple perspectives, these re-
searchers have given us new concepts such as trust management, digital rights
management (DRM), task-based access control, provisional authorization, obli-
gations and more. The focused perspective has led researchers to propose partic-
ular extensions to the access matrix model to deal with shortcomings identified
in the application or system context in consideration. The net result is a prolifer-
ation of point extensions to different flavors of the access matrix model without
a unifying theme.
This paper describes a new approach to access control called usage control
as a fundamental enhancement of the access matrix. An earlier formulation of
usage control models was given in our previous paper [6]. As the core model of
usage control, a family of ABC models is built around three decision factors,
authorizations (A), obligations (B) and conditions (C). The familiar notion of
authorization is based on subject and object attributes. Obligations require some
action by the subject so as to gain or sustain access, e.g., clicking ACCEPT on a
license agreement. Conditions are environmental or system-oriented factors that
predicate access, e.g., time-of-day or overall system load. Further, with respect to
authorizations per se, ABC introduces mutable attributes that change as a con-
sequence of access. Finally, ABC recognizes the continuity of access enforcement
so the decision to allow access is not only made prior to access, but also during
the time interval that access takes place. Given the Turing completeness of the
access matrix model it is theoretically possible to represent these enhancements
within the access matrix, but that would ignore their fundamental nature in
addressing the shortcomings of the classic access matrix identified by numerous
researchers. It is time to enhance the core model.
ABC is the first model to address a systematic and comprehensive exten-
sion of the classic access matrix. By integrating authorizations, obligations and
conditions along with mutable attributes and ongoing enforcement, ABC quite
naturally and elegantly encompasses diverse current proposals in the literature.
It is shown that ABC encompasses traditional discretionary, mandatory, and
role-based access control. It is further shown that ABC encompasses emerg-
ing applications such as trust management, digital rights management, etcetera
within a unified framework. Strictly speaking ABC is a family of models because
each component has a number of options. For example, ABC without obligations,
conditions, mutable attributes and ongoing enforcement, is close to the access
matrix. ABC is a core model of usage control in that it focuses on the process of
access enforcement while leaving other important issues such as administration
or delegation aspects for future development.
In architectural perspective, reference monitor is the most important element
of classic access control. Among the main differences with respect to classic access
control is the requirement for a client-side reference monitor. This is a hallmark
of digital rights management. In this paper, we introduce a modified reference
monitor for usage control and discuss variations of reference monitor based on
its locations. Section 2 examines new aspects that are not covered by classic
access control but crucial for modern applications. Section 3 discuss a family of
