Information Technology Reference
In-Depth Information
4 UCON Architectures
In architectural point of view, one of the most critical issues in enforcing UCON
is the reference monitor. The reference monitor has been discussed extensively in
access control community and is a core concept that provides control mechanisms
on access to or usage of digital information. Reference monitor associates decision
policies and rules for control of access to digital objects. It is always running and
tamper resistant. Subjects can access digital objects only through the reference
monitor. In this section, we discuss a conceptual structure of UCON's reference
monitor and compare the differences from traditional reference monitor. Also, we
discuss some architectural variations of UCON systems based on the utilization
of reference monitors.
4.1 Structure of Reference Monitor
ISO has published a standard for access control framework [ISO/IEC 10181-3]
that defines reference monitor and trusted computing base [4]. According to the
standard, reference monitor consists of two facilities; access control enforcement
facility (AEF) and access control decision facility (ADF). Every request is inter-
cepted by AEF that asks an ADF for a decision of the request approval. ADF
returns either 'yes' or 'no' as appropriate. Reference monitor is a part of trusted
computing base, always running, temper-resistant, and cannot be bypassed.
UCON reference monitor is similar but different in detail from traditional
reference monitor of ISO's access control framework. Figure 5 shows the concep-
tual structure of UCON reference monitors. UCON reference monitor consists
Usage Enforcement Facility
Customi -
zation
Module
Monitoring
Module
Update
Module
Subjects
Objects
Request Info
Result Info
Usage
Rules
Authorizati
on
Module
Condition
Module
Obligation
Module
Usage Decision Facility
Contextual
Information
Reference Monitor
Fig. 5.
Conceptual Structure for UCON Reference Monitor
