of Usage Decision Facility (UDF) and Usage Enforcement Facility (UEF). Each
facility includes several functional modules. The UDF includes condition and
obligation decision modules as well as an authorization module. The authorization
module handles a process similar to the traditional authorization process. It uses
subject and object information (attributes) and usage rules to check whether
the request is allowed. It may return yes or no. It may return metadata
describing the authorized portion of the requested digital objects along with
the allowed rights. This metadata is then used by the customization module of
the UEF to customize the requested digital objects. The condition module
decides whether the conditional requirements for the authorized requests are
satisfied by using usage rules and contextual information (e.g., current time,
IP address, etc.). It may limit rendering devices (e.g., CPU-ID, IP address),
rendering time (e.g., business hours, on-duty), etc. The obligation module decides
whether certain obligations have to be performed before or during the
requested usage. If there is any obligation that has to
be performed, it must be monitored by the monitoring module, and the result has
to be resolved by the update module in the UEF. Note that usage decision rules may
or may not be hardwired into the decision facility. The rules can come along with
the related digital information or independently [5,2]. How these modules are used
depends largely on the requirements of the target application systems.
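The decision flow described above, sketched as an added example that is not code from the original text: the three UDF modules (authorization, condition, obligation) feed one decision, and the UEF customization module releases only the authorized portion. The rule format, function names and sample values are assumptions made for illustration, and the monitoring and update modules are reduced to a set of already-fulfilled obligations passed in by the caller.

```python
from datetime import time

# Constructed usage rule for one digital object; every name and value is an assumption.
RULE = {
    "object": "report.pdf",
    "role": "analyst",                    # subject attribute required
    "rights": {"view"},
    "pages": [1, 2, 3],                   # authorized portion of the object
    "hours": (time(9, 0), time(17, 0)),   # condition: rendering time
    "devices": {"10.0.0.5"},              # condition: rendering device (IP)
    "obligations": ["accept_license"],    # must be performed before usage
}

def authorize(subject, obj, right, rule):
    """Authorization module: returns metadata for the authorized portion, or None."""
    if obj != rule["object"] or subject.get("role") != rule["role"]:
        return None
    if right not in rule["rights"]:
        return None
    return {"pages": list(rule["pages"]), "rights": {right}}

def conditions_met(context, rule):
    """Condition module: contextual checks only, no subject attributes."""
    start, end = rule["hours"]
    return start <= context["time"] <= end and context["ip"] in rule["devices"]

def pending_obligations(fulfilled, rule):
    """Obligation module: obligations not yet recorded as performed."""
    return [o for o in rule["obligations"] if o not in fulfilled]

def decide(subject, obj, right, context, fulfilled, rule=RULE):
    """UDF: deny unless all three modules agree."""
    meta = authorize(subject, obj, right, rule)
    if meta is None:
        return {"allow": False, "reason": "authorization"}
    if not conditions_met(context, rule):
        return {"allow": False, "reason": "condition"}
    pending = pending_obligations(fulfilled, rule)
    if pending:
        return {"allow": False, "reason": "obligation", "pending": pending}
    return {"allow": True, "metadata": meta}

def customize(pages, decision):
    """UEF customization module: release only the authorized portion."""
    if not decision["allow"]:
        return {}
    return {n: pages[n] for n in decision["metadata"]["pages"] if n in pages}
```

Each denial carries the module that produced it, so an enforcement point can tell a failed authorization from an unmet condition or an outstanding obligation.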
4.2 Architectural Classification
Based on the location of the reference monitor, there can be a Server-side Reference
Monitor (SRM) and a Client-side Reference Monitor (CRM). Here, the server is an
entity that provides a digital object and the client is an entity that receives and uses
the digital object. Like a traditional reference monitor, an SRM resides within
the server system environment and mediates all access to digital objects. On the
other hand, a CRM resides in the client system environment and controls access
to and usage of digital objects on behalf of a server system. SRM and CRM can
coexist within a system. The trustworthiness of a CRM is considered relatively
lower than that of an SRM. Therefore, the main concern here is how reliable and
trustworthy the CRM is. In fact, if the client-side computing device is fully
functional and general-purpose, the CRM is likely to be manipulated with relatively
little effort. Therefore, a CRM is more suitable for applications with lower assurance
requirements. This may be improved by using tamper-resistant add-on hardware
devices such as dongles, smartcards, etc. On the other hand, if the client device
is limited in its functionality and dedicated to specific purposes, such as an e-book
reader or DVD player, the CRM is relatively secure from unauthorized manipulation,
so applications with relatively high assurance requirements are more suitable.
After all, the implementation of reference monitors largely depends on business
models and their application requirements. In real-world implementations,
both CRM and SRM are likely to be used for better functionality
and security. In the following subsections, the SRM-only, CRM-only, and SRM
& CRM architectures are briefly discussed.