Abstract
Usage control (UCON), proposed by R. Sandhu et al. [8, 9], is an attribute-based authorization model whose main novelties are mutability of attributes and continuity of control.
OASIS eXtensible Access Control Markup Language (XACML) [10] is a widely used language for writing authorization policies that protect resources in a distributed computing environment (e.g. Grid). An XACML policy specifies a before-usage authorization process, optionally complemented by the fulfillment of obligation actions. At present, XACML has insufficient facilities to express continuous usage control after access has been granted and usage has started.
In this paper, we introduce U-XACML, a new policy language that enhances the original XACML with the UCON novelties. We extend the syntax and semantics of the XACML policy to define mutability of attributes and continuity of control. We introduce an architecture to enforce the U-XACML policy.
References
1. Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: On Usage Control for Grid Services. In: The 2009 IEEE International Workshop on HPC and Grid Applications. Sanya, China (2009)
2. Damiani, M.L., Bertino, E., Silvestri, C.: Approach to supporting continuity of usage in location-based access control. In: FTDCS '08: Proceedings of the 2008 12th IEEE International Workshop on Future Trends of Distributed Computing Systems, pp. 199–205. IEEE Computer Society, Washington, DC, USA (2008)
3. Feng, J., Wasson, G., Humphrey, M.: Resource usage policy expression and enforcement in grid computing. IEEE/ACM International Workshop on Grid Computing, pp. 66–73 (2007)
4. Hafner, M., Memon, M., Alam, M.: Modeling and enforcing advanced access control policies in healthcare systems with Sectet. In: Models in Software Engineering: Workshops and Symposia at MoDELS, pp. 132–144. Springer-Verlag, Berlin, Heidelberg (2008)
5. Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.P.: A general obligation model and continuity: enhanced policy enforcement engine for usage control. In: SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies, pp. 123–132. ACM, New York, NY, USA (2008)
6. Martinelli, F., Mori, P., Vaccarelli, A.: Towards continuous usage control on grid computational services. In: Proceedings of Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services (ICAS-ICNS 2005), IEEE Computer Society, p. 82 (2005)
7. Naqvi, S., Massonet, P., Aziz, B., Arenas, A., Martinelli, F., Mori, P., Blasi, L., Cortese, G.: Fine-Grained Continuous Usage Control of Service Based Grids - The GridTrust Approach. In: ServiceWave '08: Proceedings of the 1st European Conference on Towards a Service-Based Internet, pp. 242–253. Springer-Verlag, Berlin, Heidelberg (2008)
8. Park, J., Sandhu, R.: Towards usage control models: Beyond traditional access control. In: SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies, pp. 57–64. ACM, New York, NY, USA (2002)
9. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)
10. XACML: eXtensible Access Control Markup Language (XACML). www.oasis-open.org/committees/xacml
11. Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Toward a usage-based security framework for collaborative computing systems. ACM Transactions on Information and System Security 11(1), 1–36 (2008)
Copyright information
© 2010 Springer US
About this paper
Cite this paper
Colombo, M., Lazouski, A., Martinelli, F., Mori, P. (2010). A Proposal on Enhancing XACML with Continuous Usage Control Features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds) Grids, P2P and Services Computing. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-6794-7_11
DOI: https://doi.org/10.1007/978-1-4419-6794-7_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-6793-0
Online ISBN: 978-1-4419-6794-7
eBook Packages: Computer Science, Computer Science (R0)