3 ABC Model for Usage Control
The ABC family of models is a core model for usage control. We call it a core
model because it captures the essence of usage control, while other important
issues remain to be discussed. In this section we briefly discuss the eight
components of ABC models and a family of models in a systematic manner.
3.1 ABC Model Components
The ABC model consists of eight components as follows: subjects, subject
attributes, objects, object attributes, rights, authorizations, obligations, and
conditions (see figure 3).
Subjects and objects are familiar concepts from the past thirty plus years of
access control, and are used in their familiar sense in ABC. A right enables access
of a subject to an object in a particular mode, such as read or write. In this sense
the ABC concept of right is essentially similar to the familiar concept of a right
in access control. There is a subtle difference in the ABC viewpoint in that ABC
does not visualize a right as existing in some access matrix independent of the
activity of the subject. Rather the existence of the right is determined when the
access is attempted by the subject. The usage decision functions indicated in
figure 3 make this determination based on subject attributes, object attributes,
authorizations, obligations and conditions at the time of usage requests.
[Figure: Usage Decision; Subjects (S), Rights (R), Objects (O); Subject Attributes (ATT(S)), Object Attributes (ATT(O)); Authorizations (A), Obligations (B), Conditions (C)]
Fig. 3. ABC Model Components
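The following added example (not code from the original text) sketches a usage decision function that computes a right at request time from ATT(S), ATT(O), authorizations, obligations and conditions, instead of looking it up in a stored access matrix. The attribute names, the sample policy and the rule that all three components must hold are assumptions made for illustration; a missing attribute is treated as a denial.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Attrs = Dict[str, object]
# A predicate sees ATT(S), ATT(O), the requested right and the environment.
Predicate = Callable[[Attrs, Attrs, str, Attrs], bool]

@dataclass
class Policy:
    authorizations: List[Predicate] = field(default_factory=list)  # A
    obligations: List[Predicate] = field(default_factory=list)     # B
    conditions: List[Predicate] = field(default_factory=list)      # C

def usage_decision(policy, att_s, att_o, right, env):
    """Evaluate A, B and C at request time; return (allowed, failed_components)."""
    failed = []
    for name in ("authorizations", "obligations", "conditions"):
        try:
            ok = all(p(att_s, att_o, right, env) for p in getattr(policy, name))
        except (KeyError, TypeError):
            ok = False  # missing or malformed attribute: fail closed
        if not ok:
            failed.append(name)
    return (not failed, failed)

# Constructed sample policy; attribute names are hypothetical.
POLICY = Policy(
    authorizations=[lambda s, o, r, e: s["clearance"] >= o["classification"],
                    lambda s, o, r, e: r in o["permitted_rights"]],
    obligations=[lambda s, o, r, e: o["license_id"] in s["accepted_licenses"]],
    conditions=[lambda s, o, r, e: 9 <= e["hour"] < 17],
)

def demo():
    alice = {"clearance": 2, "accepted_licenses": set()}
    report = {"classification": 2, "permitted_rights": {"read"}, "license_id": "L-1"}
    out = [usage_decision(POLICY, alice, report, "read", {"hour": 10})]
    alice["accepted_licenses"].add("L-1")  # obligation now fulfilled
    out.append(usage_decision(POLICY, alice, report, "read", {"hour": 10}))
    out.append(usage_decision(POLICY, alice, report, "read", {"hour": 22}))
    out.append(usage_decision(POLICY, alice, report, "write", {"hour": 10}))
    return out

if __name__ == "__main__":
    for allowed, failed in demo():
        print("allow" if allowed else "deny", failed)
```

The same subject, object and right produce different decisions across the four requests because nothing is stored between them; each result also names the component that failed, which is what an audit log would record.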
Subject and object attributes are properties that can be used during the
access decision process. One of the most important subject attributes in practice
is subject identity, but it is not required by the ABC model. Subject identity