Towards A Timesbased Usage Control Model - PowerPoint PPT Presentation

1
Towards A Times-based Usage Control Model
Baoxian Zhao1, Ravi Sandhu2, Xinwen Zhang3, and Xiaolin Qin4
1 George Mason University, Fairfax, VA, USA
2 Institute for Cyber-Security Research at the University of Texas, San Antonio, USA
3 Samsung Information Systems America, San Jose, CA, USA
4 Nanjing University of Aeronautics and Astronautics, Nanjing, China
Presented by Baoxian Zhao
2
Outline
  • Reviewing access control models
  • Traditional access control models
  • Temporal access control models
  • Construction of the TUCON model
  • Preliminaries of the TUCON model
  • Times-based authorizations
  • Authorization rules
  • The implementation of access control
  • Conclusion and Future work

3
Reviewing existing access control models
  • Traditional access control models
    • Discretionary Access Control (DAC)
    • Mandatory Access Control (MAC)
    • Role-based Access Control (RBAC)
  • Temporal access control models
    • The temporal authorization models
      suggested by E. Bertino et al. 94, 96, 98
      • Only applied to the DAC model
    • Temporal Data Authorization Model
      (TDAM), A. Gal et al. 02
      • Adding transaction time and valid time
    • TRBAC 01, GTRBAC 05
      • Adding temporal constraints to the RBAC model

4
Limitations of existing access control models
  • Primarily consider authorization decisions
    constrained by certain time periods
  • Authorizations are static authorization decisions
    • Authorizations are made at the
      requested time and hardly recognize ongoing
      controls for times-constrained access or for
      immediate revocation
    • Once an authorization decision is
      made, the object can be accessed without
      limitation during a valid period!

5
Requirements of new access control
  • Usage of a digital object can not only be
    time-independent, like read and write
  • But also temporal and times-consuming, such as
    payment-based online reading, or a downloadable
    music file that can only be played 10 times
    within a valid period.
  • It means that authorization can be updated during
    ongoing usage

6
The principle of the TUCON model
  • Keeping the time periods
  • Authorizations are still constrained by the time
    periods
  • Introducing usage times
  • Times are consumed, to meet the request that the
    usage of digital objects can be consumed and
    limited
  • Times are decreased by 1, to update authorization
    during a single access process
  • New features of the TUCON model
  • Authorizations can be updated during ongoing
    usage.
  • Authorizations can be consumed
  • Effectively protects systems from DoS attacks,
    such as Nimda and Code Red.

7
Difference From UCON
  • The UCON model uses the ABC (Authorization,
    oBligation, Condition) core models to solve these
    problems
  • In the TUCON model, we consider temporal and consumed
    factors as attributes of authorizations rather
    than attributes of subjects or objects
  • Supports delegation
  • TUCON is simple to implement.

8
Preliminaries of TUCON
Definition 1 (Periodic expression) Bertino et
al. 98 A periodic expression is defined as
, where
, and are calendars,for
,and . Here let D
represent the set of all valid periods.
Example: From 9:00 AM to 12:00 PM during workdays
Definition 2 (Times) Times are a set of natural numbers, formally defined as
9
Times-based Authorizations
  • Definition 3 (Times Authorization) A times
    authorization is a 6-tuple (pt,s, o, priv, pn,
    g), where ,
  • Example: Mary grants Bob 5 times of the read
    privilege on the book of Sun
  • (5, Bob, Sun, read, , Mary)
  • Definition 4 (Non-Times Authorization) When
    pt = -1 in a tuple of times authorization, we call
    this kind of times authorization a non-times
    authorization.

10
Times-based Authorizations (cont)
  • Definition 5 (Times-based Authorization) A
    times-based authorization is a 3-tuple (time,
    period, auth) where time represents a time
    interval , period is a periodical
    expression, and auth is a 6-tuple authorization.
    ( )
  • Example: Between Jan. 12, 2001 and Dec. 24,
    2005, Tom has 6 times of privilege read on
    object file, but he can operate this privilege
    only on Tuesday each week.
  • (1/12/2001, 12/24/2005, Weeks2.days, (6, Tom,
    file, read, , Sam))

11
Authorization rules
  • Definition 6 (Grant Rule) A grant rule is
    defined as the form of
  • Li can be a trigger condition expression.
  • Example 1: In an application system
    Business_system, if a registered user Bob
    pre-pays 1000, he can enjoy a certain
    super-value service m for 6 times during every
    Friday since the time 09/12/2006. Let this
    privilege be super.
  • access( 09/12/2006, ∞, Weeks5.days, (6,
    Bob, m, super, , Business_system)) ←
    prepay(Bob, 1000) register(Bob)

12
Authorization rules (cont)
  • Definition 7 (Derived Rule) A derived rule is
    defined as the form of
  • Li can be access with conditional
    expressions
  • Example 2: Now Bob wants to transfer 3 times for
    enjoying the service m to another user Alice.
  • deraccess( 09/12/2006, ∞, Weeks5.days,
    (3, Alice, m, super, , Business_system)) ←
    access( 09/12/2006, ∞, Weeks5.days, (6,
    Bob, m, super, , Business_system)) give(3,
    Alice, m, super, Bob) less(3, 6)
  • deraccess( 09/12/2006, ∞, Weeks5.days,
    (3, Bob, m, super, , Business_system)) ←
    access( 09/12/2006, ∞, Weeks5.days, (6,
    Bob, m, super, , Business_system)) give(3,
    Alice, m, super, Bob) less(3, 6)

13
Authorization rules (cont)
  • Definition 8 (Resolution Rule) A resolution rule
    is defined as the form of
  • Li can be access or deraccess or condition
    expressions specified by security policy
  • Example 3: In example 2, if Alice has 4 times
    super right on service m.
  • force_access( 09/12/2006, ∞,
    Weeks5.days, (7, Alice, m, super, ,
    Business_system)) ← access( 09/12/2006, ∞,
    Weeks5.days, (4, Alice, m, super, ,
    Business_system)) deraccess( 09/12/2006, ∞,
    Weeks5.days, (3, Alice, m, super, ,
    Business_system))
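
Examples 2 and 3 worked through in Python, as an added example that is not code from the presentation. The function names `give`, `resolve` and `transfer` are hypothetical, the time interval and period are left out, and two readings are assumptions: the giver's deraccess replaces its count while the receiver's is summed, and unlimited (pt = -1) grants are not delegated.

```python
UNLIMITED = -1  # pt = -1 is a non-times (unlimited) authorization on the slides

def give(access, n, receiver, obj, priv, giver):
    """Derived rule: return the deraccess facts produced by one transfer.

    `access` maps (subject, obj, priv) -> remaining usage times pt.
    """
    held = access.get((giver, obj, priv), 0)
    if UNLIMITED in (held, access.get((receiver, obj, priv))):
        raise PermissionError("assumption: unlimited grants are not delegated")
    if not 0 < n < held:                     # the less(n, held) condition
        raise PermissionError(f"{giver} cannot give {n} of {held} times")
    return {"keep": ((giver, obj, priv), held - n),
            "gain": ((receiver, obj, priv), n)}

def resolve(access, deraccess):
    """Resolution rule: fold access and deraccess into one count per key."""
    forced = dict(access)                    # leave the input untouched
    keep_key, keep_pt = deraccess["keep"]
    gain_key, gain_pt = deraccess["gain"]
    forced[keep_key] = keep_pt                             # giver: replaced
    forced[gain_key] = forced.get(gain_key, 0) + gain_pt   # receiver: summed
    return forced

def transfer(access, n, receiver, obj, priv, giver):
    """Apply give + resolve and check that no usage times were created."""
    forced = resolve(access, give(access, n, receiver, obj, priv, giver))
    # Delegation must never mint usage times: the total is conserved.
    assert sum(forced.values()) == sum(access.values())
    return forced
```

With Bob holding 6 and Alice holding 4 times of super on m, `transfer(..., 3, "Alice", "m", "super", "Bob")` leaves Bob with 3 and Alice with 7, matching the force_access tuple above.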

14
Completeness of rules
  • THEOREM 1 (Completeness) The policy in TUCON
    can be specified by a non-empty set of TUCON
    rules.
  • Proof:
    1. no conflicting decisions
    2. specifying all possible decisions

15
The Implementation of Access control
  • Grant privileges
  • Access objects
  • Revoke privileges

16
Grant privileges
  • Times-based authorization
    • here, pt > 0 and pn
  • Unlimited authorization
    • pt = -1 and pn

How about Times-based authorization Unlimited authorization?
17
Access objects
  • Times-based Authorization Base (TAB)
    • A set of authorizations, in which there
      are no conflicting authorizations.
  • Valid Access Function
    • A function to check every access
      request against the current TAB to determine
      whether the access is authorized.

18
Revoke privileges
  • Time intervals
    • The time interval has expired!
  • Usage Times
    • pt = 0
  • Other factors
    • Abusing privileges
    • Breaking security policies
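
A minimal Times-based Authorization Base covering the grant, access and revoke steps of the last three slides, as an added example that is not code from the presentation. All class and function names are hypothetical, a set of ISO weekdays stands in for the periodic expression, and pn is omitted because its definition is not recoverable from this transcript.

```python
from dataclasses import dataclass
from datetime import datetime

UNLIMITED = -1  # Definition 4: pt = -1 marks a non-times authorization
@dataclass
class TimesAuth:
    start: datetime      # time interval, lower bound
    end: datetime        # time interval, upper bound
    weekdays: frozenset  # simplified period: allowed ISO weekdays (1 = Monday)
    pt: int              # remaining usage times, or UNLIMITED
    subject: str
    obj: str
    priv: str
    grantor: str

class TAB:
    """Times-based Authorization Base: one entry per (subject, obj, priv)."""
    def __init__(self):
        self.entries = {}
    def grant(self, auth):
        key = (auth.subject, auth.obj, auth.priv)
        if auth.pt != UNLIMITED and auth.pt <= 0:
            raise ValueError("pt must be > 0, or -1 for unlimited")
        if key in self.entries:
            raise ValueError("conflicting authorization already in the TAB")
        self.entries[key] = auth

    def valid_access(self, subject, obj, priv, now):
        key = (subject, obj, priv)
        auth = self.entries.get(key)
        if auth is None:
            return False
        if now > auth.end:                 # revoke: time interval expired
            del self.entries[key]
            return False
        if now < auth.start or now.isoweekday() not in auth.weekdays:
            return False                   # outside the period: deny, keep entry
        if auth.pt != UNLIMITED:
            auth.pt -= 1                   # consume one usage time
            if auth.pt == 0:               # revoke: usage times exhausted
                del self.entries[key]
        return True

def tom_example():  # slide 10 example; the request dates are constructed
    tab = TAB()
    tab.grant(TimesAuth(datetime(2001, 1, 12), datetime(2005, 12, 24),
                        frozenset({2}), 6, "Tom", "file", "read", "Sam"))
    tuesday, wednesday = datetime(2001, 1, 16, 10), datetime(2001, 1, 17, 10)
    attempts = [wednesday] + [tuesday] * 7
    return [tab.valid_access("Tom", "file", "read", t) for t in attempts], tab
```

In a concurrent service the check and the decrement in `valid_access` must run under one lock or transaction, otherwise two requests can both pass on the last remaining usage time.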

19
Conclusion and Future Work
  • Wide applications, especially in times-metered
    systems
  • Viewed as a solution to some specific problems of
    mutable attributes in modern access control
  • Extend the model by considering different
    intervals and different periods.
  • Develop the administration of authorization in
    UCON

Using temporal logic to express?
20
Any Question?
  • Thank you !