Conditions are environmental or system-oriented decision factors. Examples
are time of day and system load. They can also include the security status of the
system, such as normal, high alert, under attack, etc. Conditions are not under
direct control of individual subjects. Evaluation of conditions cannot update any
subject or object attributes.
3.2 The ABC Family of Core Models
Based on three decision factors (authorizations, obligations, and conditions) and
the continuity and mutability properties, we have developed a family of core models
for usage control. We say these are core models because, as discussed earlier,
they focus on the enforcement process and do not include administrative issues.
Also, they will need to be further elaborated for specific applications.
The ABC model assumes there exists a usage request on a target object.
Decision-making can be done either before (pre) or during (ongoing) exercise of
the requested right. Note that decision-making after the usage does not make
sense since there can be no influence on the decision of current usage. Mutability
allows certain updates on subject or object attributes as side effects of usages.
If usage is immutable, no update is required for the decision process; this is
denoted as '0'. For mutable usage, updates are required either before (pre), during
(ongoing), or after (post) the usage and are denoted as '1', '2', and '3', respectively.
Based on these criteria, we have developed 16 possible model spaces as a core
model for usage control. While there are examples for an individual model, many
real world systems are likely to utilize more than one model. In this paper we
only consider pure models for simplicity.
        0 (immutable)   1 (pre-update)   2 (ongoing-update)   3 (post-update)
preA    Y               Y                N                    Y
onA     Y               Y                Y                    Y
preB    Y               Y                N                    Y
onB     Y               Y                Y                    Y
preC    Y               N                N                    N
onC     Y               N                N                    N
Fig. 4. The 16 Basic ABC Models
Figure 4 shows all possible detailed models based on these three criteria.
Cases that are not likely to be realistic are marked as 'N'. If the decision factor
is 'pre', updates are likely to occur only before or after the right is exercised.
There is little reason to have ongoing updates: without an ongoing decision, an
ongoing update can influence only decisions on future requests, and therefore
the updates can be done after the usage has ended. However, if the decision factor
is 'ongoing', updates are likely to happen before, during, or after the usage.
For condition models, evaluation of a condition cannot update attributes since it
simply checks the current environmental or system status.
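
The following sketch is an added example, not code from the original text. It encodes the two feasibility rules above and runs a usage through the pure authorization models (preA and onA) with each kind of update. The names Usage, realistic, request, tick and end, and the "credit" attribute, are hypothetical; admitting an 'on' request without a prior check is an assumption made to keep the model pure.

```python
from dataclasses import dataclass
from typing import Callable

def realistic(factor: str, timing: str, update: int) -> bool:
    """Figure 4 rules: condition models never update attributes, and a
    'pre' decision has little reason for ongoing updates (2)."""
    if factor == "C":
        return update == 0
    return not (timing == "pre" and update == 2)

@dataclass
class Usage:
    """One exercise of a right under a pure authorization model (preA*/onA*)."""
    timing: str                            # "pre" or "on"
    update: int                            # 0..3, column of Figure 4
    allowed: Callable[[dict], bool]        # authorization predicate on attributes
    mutate: Callable[[dict], None] = lambda attrs: None  # attribute update
    active: bool = False

    def __post_init__(self):
        if not realistic("A", self.timing, self.update):
            raise ValueError(f"{self.timing}A{self.update} is marked 'N' in Figure 4")

    def request(self, attrs: dict) -> bool:
        if self.timing == "pre" and not self.allowed(attrs):
            return False                   # denied before the right is exercised
        if self.update == 1:
            self.mutate(attrs)             # pre-update
        self.active = True
        return True

    def tick(self, attrs: dict) -> bool:
        """Periodic re-evaluation while the right is being exercised."""
        if self.active and self.update == 2:
            self.mutate(attrs)             # ongoing-update
        if self.active and self.timing == "on" and not self.allowed(attrs):
            self.end(attrs)                # revoke: ongoing decision failed
        return self.active

    def end(self, attrs: dict) -> None:
        if self.active and self.update == 3:
            self.mutate(attrs)             # post-update
        self.active = False

if __name__ == "__main__":
    acct = {"credit": 2}                   # constructed sample attributes
    metered = Usage("on", 2, lambda a: a["credit"] > 0,
                    lambda a: a.update(credit=a["credit"] - 1))
    metered.request(acct)
    print([metered.tick(acct) for _ in range(3)], acct)
```

With onA2 the attribute change made during usage feeds the very next ongoing decision, which is why that cell is 'Y' while preA2 is rejected at construction.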
 