Abstract
With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the past. Likewise, access control may benefit from a less prescriptive approach with an increasing reliance on users to behave ethically. These ideals correlate with optimistic access controls. However, ensuring that users behave in a trustworthy manner may require more than optimistic access controls. This paper investigates the possibility of enhancing optimistic access controls with usage control to ensure that users conduct themselves in a trustworthy manner. Usage control enables finer-grained control over the usage of digital objects than do traditional access control policies and models. Further to ease the development and maintenance of usage control measures, it is posited that it is completely separated from the application logic by using aspect-oriented programming.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chon, R., Enokido, T., Wietrzsk, V.: Role Locks to Prevent Illegal Information Flow among Objects. In: 18th International Conference on Advanced Information Networking and Applications (AINA 2004), Fukuoka, Japan, 29-31 March, 2004, vol. 1, pp. 196–201 (2004)
De Win, B., Vanhaute, B., Decker, B.: Security Through Aspect-Oriented Programming. In Advances in Network and Distributed Systems Security. IFIP TC11 WG11.4 First Working Conference on Network Security, Leuven, Belgium, November 2001, pp. 125–138. Kluwer Academic Publishers, Boston (2001)
English, C., Nixon, P., Terzis, S., McGettrick, A., Lowe, H.: Security Models for Trusting Network Appliances. In: 5th Annual Workshop on Networked Appliances, October 2002, Liverpool, England (2002)
Grandison, T.W.A.: Trust Management for Internet Applications (PhD thesis), in Department of Computing, University of London (2003)
Hong, J.I., Landay, J.A.: MobiSys’ 04, Boston, Massachusetts, USA, pp. 177–189 (2004)
Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J.: Getting Started with AspectJ. Communications of the ACM 44(10), 59–65 (2001)
Li, X., Naeem, N.A., Kemme, B.: Fine-Granularity Access Control in 3-tier Laboratory Information Systems. In: Database Engineering and Application Symposium, IDEAS, Montreal, Canada, 25-27 July, 2005, pp. 391–397 (2005)
Pfleeger, C.P.: Security in Computing, 2nd edn. Prentice Hall, United States of America (1997)
Povey, D.: Optimistic Security: A New Access Control Paradigm. In: Proceedings of the 1999 workshop on New security paradigms, September 22 - 24, 1999, Caledon Hills, Ontario, Canada (1999)
Pudney, P.: e-Consent in consumer health & telemedicine. Telemedicine Research Center, University of South Australia (2003), http://www.pudney.net.au/~phillip/papers/econsent.pdf
Ramachandran, R., Pearce, D.J., Welch, I.: AspectJ for Multilevel Security. In: The 5th AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS), Bonn, Germany, 21 March, 2006, pp. 1–5 (2006)
Russell, D., Gangemi, G.T.: Computer Security Basics, Sebastopol, O’Reilly and Associate, California (1991)
Samarati, P., Bertino, E., Ciampichetti, A., Jajodia, S.: Information Flow Control in Object-Oriented Systems. IEEE Transactions on Knowledge and Data Engineering 9(4), 624–538 (1997)
Sandhu, R., Park, J.: Usage Control: A Vision for Next Generation Access Control. In: The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, St Petersburg, Russia, pp. 17–31 (2003)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE COMPUTER 29(2), 38–47 (1996)
Stevens, G., Wulf, V.: A New Dimension in Access Control: Studying Maintenance Engineering across Organizational Boundaries. In: Proceedings of the ACM conference on Computer Supported Cooperative Work (CSCW), New Orleans, Louisiana, USA (2002)
Verhanneman, T., Piessens, F., De Win, B., Joosen, W.: Uniform Application-level Access Control Enforcement of Organizationwide Policies. In: Srikanthan, T., Xue, J., Chang, C.-H. (eds.) ACSAC 2005. LNCS, vol. 3740, Springer, Heidelberg (2005)
Walker, R.J., Baniassad, E.L.A., Murphy, G.C.: An initial assessment of aspect-oriented programming. In: Proceedings of the 21st international conference on Software engineering, Los Angeles, California, May 1999, pp. 120–130 (1999)
Xu, Z., Feng, D., Li, L., Chen, H.: UC-RBAC: A Usage Constrained Role-Based Access Control Model. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 337–347. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Padayachee, K., Eloff, J.H.P. (2007). Enhancing Optimistic Access Controls with Usage Control. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)