Abstract
Access control aims at restricting access to resources instantly. However, in collaborative computing environments with shared resources and distributed right management systems more advanced controlling mechanisms are required. For example, the control of the usage of a resource may need to be continuous, obligations is required, and concurrency is an important aspect when different users use a shared resource. To overcome these shortcomings of traditional access control, usage control has been proposed and investigated recently. In this paper we introduce a new usage control policy specification. Beyond existing approaches, the novelty of our policy is threefold: first, the ability to integrate the functional and security aspects of the system, thus lending support to control system behavior continuously. Second, post obligation is supported in a way that a violation of any rule during the current usage session, or after it ends, can affect the decisions of future usages. Finally, concurrency rules are embodied in the policy model, thus concurrent usages by different users to shared resources are controlled.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Hilty, M., Pretschner, A., Basin, D., Schaefer, C., Walter, T.: A policy language for distributed usage control. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 531–546. Springer, Heidelberg (2007)
Janicke, H., Cau, A., Siewe, F., Zedan, H.: Concurrent enforcement of usage control policies. In: IEEE Policy 2008 (2008)
Janicke, H., Cau, A., Zedan, H.: A note on the formalization of ucon. In: ACM SACMAT 2007 (2007)
Jensen, K.: Coloured Petri Nets, vol. 1. Springer, Heidelberg (1992)
Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.-P.: A general obligation model and continuity enhanced policy enforcement engine for usage control. In: ACM SACMAT 2008 (2008)
Martinelli, F., Mori, P.: A Model for Usage Control in GRID systems. In: ICST SecureComm 2007 (2007)
Park, J., Sandhu, R.: The ucon_abc usage control model. ACM TISSEC 7(1), 128–174 (2004)
Pretschner, A., Hilty, M., Schütz, F., Schaefer, C., Walter, T.: Usage control enforcement: Present and future. IEEE Security and Privacy 6(4), 44–53 (2008)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM TISSEC 8(4), 351–387 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Katt, B., Zhang, X., Hafner, M. (2009). Towards a Usage Control Policy Specification with Petri Nets. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2009. OTM 2009. Lecture Notes in Computer Science, vol 5871. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05151-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-05151-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05150-0
Online ISBN: 978-3-642-05151-7
eBook Packages: Computer ScienceComputer Science (R0)