Patricia Ghann, Changda Wang, Conghua Zhou
School of Computer Science and Telecommunication Engineering, Jiangsu University, Jiangsu, China.
DOI: 10.4236/jis.2013.42008   PDF    HTML     3,022 Downloads   5,695 Views   Citations

Abstract

Access and usage control is a major challenge in information and computer security in a distributed network connected environment. Many models have been proposed such as traditional access control and UCONABC. Though these models have achieved their objectives in some areas, there are some issues both have not dealt with. The issue of what happens to a resource once it has been accessed rightfully. In view of this, this paper comes out with how to control resource usage by a concept known as the package concept. This concept can be implemented both with internet connection and without the internet connection to ensure continual control of resource. It packages the various types of resources with the required policies and obligations that pertain to the use of these different resources. The package concept of ensuring usage control focuses on resource by classifying them into three: Intellectual, sensitive and non-sensitive resources. Also this concept classifies access or right into three as: access to purchase, access to use temporally online and access to modify. The concept also uses biometric mechanism such as fingerprints for authentication to check redistribution of resource and a logic bomb to help ensure the fulfillment of obligations.

Keywords

Access Control; Usage Control; Policies; Obligation; User or Subject; Biometric Finger Print; Logic Bomb; Remote Client

Share and Cite:

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	A. Lazouski, F. Martinelli and P. Mori, “Usage Control in Computer Security, a Survey,” Computer Science Review, Vol. 4, No. 2, 2010, pp. 81-99.
[2]	J. Park and R. Sandhu, “A Usage Control (UCON) Model for Social Network Privacy,” 2010.
[3]	J. Park, X. Zhang and R. S. Sandhu, “Attribute Mutability in Usage Control,” Proceedings of IFIP TC11/WG, Eighteen Annual Conferences on Data and Application Security, Kluwer, Vol. 144, 2004, pp.15-29.
[4]	J. Wu and S. Shimatoto, “Usage Control Based Security Access Scheme for Wireless Sensor Network,” Proceedings of IEEE International Conference on Communication (ICC 2010), Cape Town, 23-27 May 2010, pp. 1-5.
[5]	M. Sastry, R. Krishnan and R. Sandhu, “A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems,” In: Communications in Computer and Information Science, Springer, Berlin, 2007, pp. 153-158.
[6]	R. Alnemr, et al., “Enabling Usage Control Reputation Objects, A Discussion on e-Commerce and Internet of Services Environments,” Journal of Theoretical and Applied Electronic Commerce Research Electronic Version, Vol. 5, No. 2, 2010, pp. 59-79.
[7]	W. Shin and S. B. Yoo, “Secured Web Services Based on Extended Usage Control,” In: PAKDD Workshops, Lecture Notes in Computer Science, Springer, Berlin, 2007, pp. 656-663.
[8]	B. X. Zhao, et al., “Towards a Time—Based Usage Control Model,” W3C Privacy and Data Usage Control Workshop, Cambridge, 2010.
[9]	C. Moucha, E. Lovat and A. Pretschner, “A Virtual Usage Control Bus System,” Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable, Vol. 2 No. 4, 2010, pp. 84-101.
[10]	C. Bettini, S. Jajodia, X. S. Wang and D. Wijesekera, “Obligation Monitoring in Policy Management,” Proceedings of 3rd IEEE International Workshop for Distributed Systems and Networks Policy, Monterey, 2002, pp. 2-12.
[11]	D. Basin, et al., “Monitoring Usage Control Policies in Distributed Systems,” IEEE, 2011, pp. 88-95.
[12]	D. Basin, et al., “MONPOLY: Monitoring Usage Control Policies,” Lecture Notes in Computer Science, Vol. 7186, 2012, pp. 360-364. doi:10.1007/978-3-642-29860-8_27
[13]	E. Maler, “Controlling Data Usage with User—Managed Access (UMA),” W3C Privacy and Data Usage Control Workshop, Cambridge, 2010.
[14]	G. D. Bai, et al., “Context-Aware Usage Control for Android,” 6th international ICST Conference on Security and Privacy in Communication, Singapore, 7-9 September, 2010, pp. 326-343.