Enforcement of U-XACML History-Based Usage Control Policy

  • Fabio Martinelli
  • Ilaria Matteucci
  • Paolo Mori
  • Andrea SaracinoEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)


Usage Control policies have been introduced to overcome issues related to the usage of resources. Indeed, a Usage Control policy takes into account attributes of subjects and resources which change over time. Hence, the policy is continuously enforced while an action is performed on a resource, and it is re-evaluated at every context change. This permits to revoke the access to a resource as soon as the new context violates the policy. The Usage Control model is very flexible, and mutable attributes can be exploited also to make a decision based on the actions that have been previously authorized and executed. This paper presents a history-based variant of U-XACML policies composed via process algebra-like operators in order to take trace of past actions made on resources by the subjects. In particular, we present a formalization of our idea through a process algebra and the enhanced logical architecture to enforce such policies.


  1. 1.
    eXtensible Access Control Markup Language (XACML) Ver. 3.0.
  2. 2.
    Baiardi, F., Martinelli, F., Mori, P., Vaccarelli, A.: Improving grid services security with fine grain policies. In: On the Move to Meaningful Internet Systems 2004: Confederated International Workshops and Posters, GADA, JTRES, MIOS, WORM, WOSE, PhDS, and INTEROP 2004, Agia Napa, Cyprus, October 25–29, pp. 123–134 (2004)Google Scholar
  3. 3.
    Birnstill, P., Pretschner, A.: Enforcing privacy through usage-controlled video surveillance. In: 10th IEEE International Conference on Advanced Video and Signal Based Surveillance, AVSS 2013, Krakow, Poland, August 27–30, pp. 318–323. IEEE (2013)Google Scholar
  4. 4.
    Brewer, D., Nash, M.: The chinese wall security policy. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society Press (1989)Google Scholar
  5. 5.
    Desprez, F., Getov, V., Priol, T., Yahyapour, R.: A proposal on enhancing XACML with continuous usage control features. In: Colombo, M., Lazouski, A., Martinelli, F., Mori, P. (eds.) Grids, P2P and Services Computing, pp. 133–146. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Lazouski, A., Mancini, G., Martinelli, F., Mori, P.: Usage control in cloud systems. In: Procedings of The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012), pp. 202–207. Infonomics Society (2012)Google Scholar
  7. 7.
    Martinelli, F., Mori, P.: On usage control for grid systems. Future Gener. Comput. Syst. 26(7), 1032–1042 (2010)CrossRefGoogle Scholar
  8. 8.
    Mauw, S., Massacci, F., Piessens, F., Aktug, I., Naliuka, K.: Special issue on security and trust conspec - a formal language for policy specification. Sci. Comput. Program. 74(1), 2–12 (2008). zbMATHGoogle Scholar
  9. 9.
    Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004). CrossRefGoogle Scholar
  10. 10.
    Park, J., Sandhu, R.: The \({UCON}_{ABC}\) usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)CrossRefGoogle Scholar
  11. 11.
    Sarno, C.D., Garofalo, A., Matteucci, I., Vallini, M.: A novel security information and event management system for enhancing cyber security in a hydroelectric dam. IJCIP 13, 39–51 (2016)Google Scholar
  12. 12.
    Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11(1), 3:1–3:36 (2008)CrossRefGoogle Scholar
  13. 13.
    Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351–387 (2005)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Fabio Martinelli
    • 1
  • Ilaria Matteucci
    • 1
  • Paolo Mori
    • 1
  • Andrea Saracino
    • 1
    Email author
  1. 1.Istituto di Informatica e TelematicaIIT-CNRPisaItaly

Personalised recommendations