Usage Control: A Vision for Next Generation Access Control

  • Ravi Sandhu
  • Jaehong Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


The term usage control (UCON) is a generalization of access control to cover obligations, conditions, continuity (ongoing controls) and mutability. Traditionally, access control has dealt only with authorization decisions on a subject’s access to target resources. Obligations are requirements that have to be fulfilled by the subject for allowing access. Conditions are subject and object-independent environmental requirements that have to be satisfied for access. In today’s highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Traditional authorization decisions are generally made at the time of request but typically do not recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied. In this paper we motivate the need for usage control, define a family of ABC models as a core model for usage control and show how it encompasses traditional access control, such as mandatory, discretionary and role-based access control, and more recent requirements such as trust management, and digital rights management. In addition, we also discuss architectures that introduce a new reference monitor for usage control and some variations.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations and model. MITRE Report, 2(2547) (November 1973)Google Scholar
  2. 2.
    Erickson, J.S.: Fair use, drm, and trusted computing. Communications of the ACM 46(4), 34–39 (2003)CrossRefMathSciNetGoogle Scholar
  3. 3.
    Harrison, M.H., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Communications of the ACM 19(8), 461–471 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Security frameworks for open systems: Access control framework. Technical Report ISO/IEC 10181-3, ISO (1996)Google Scholar
  5. 5.
    Park, J., Sandhu, R., Schifalacqua, J.: Security architectures for controlled digital information dissemination. In: Proceedings of 16th Annual Computer Security Application Conference (December 2000)Google Scholar
  6. 6.
    Park, J., Sandhu, R.: Towards Usage Control Models: Beyond Traditional Access Control. In: Proceedings of 7th ACM Symposium on Access Control Models and Technologies (June 2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ravi Sandhu
    • 1
  • Jaehong Park
    • 2
  1. 1.NSD Security and George Mason University 
  2. 2.ISE DepartmentGeorge Mason UniversityFairfax

Personalised recommendations